9.9
CVE-2022-26782
- EPSS 1.26%
- Veröffentlicht 12.05.2022 17:15:11
- Zuletzt bearbeitet 21.11.2024 06:54:29
- Quelle talos-cna@cisco.com
- CVE-Watchlists
- Unerledigt
LoginMultiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Inhandnetworks ≫ Ir302 Firmware Version <= 3.5.37
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.26% | 0.791 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| talos-cna@cisco.com | 9.9 | 3.1 | 6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.