Vulnerabilities > CVE-2022-29888 - Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.45

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

inhandnetworks

NVD

Published: 2022-11-09

Updated: 2022-11-10

Summary

A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.

Vulnerable Configurations

Part	Description	Count
OS	Inhandnetworks Inhandnetworks Ir302 Firmware 3.5.45	1
Hardware	Inhandnetworks Inhandnetworks Ir302 -	1

References

https://talosintelligence.com/vulnerability_reports/TALOS-2022-1522
https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf