CVE-2022-26780

Exploit

EPSS 0.91%
Veröffentlicht 12.05.2022 17:15:10
Zuletzt bearbeitet 21.11.2024 06:54:29
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Inhandnetworks ≫ Ir302 Firmware Version <= 3.5.37

Inhandnetworks ≫ Ir302 Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.91%	0.754

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
talos-cna@cisco.com	9.9	3.1	6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf

Vendor Advisory

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2022-26780

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-26780

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-26780

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-26780