CVE-2022-26780

Name of the Vulnerable Software and Affected Versions InHand Networks InRouter302 version 3.5.4

Description Multiple improper input validation vulnerabilities exist in the libnvram.so nvram import functionality. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input validation vulnerability exists in the httpd's user define init function, where controlling the user define timeout nvram variable can lead to remote code execution.

Recommendations For InHand Networks InRouter302 version 3.5.4, consider disabling the nvram import functionality and restricting access to the httpd's user define init function until a patch is available. Avoid using the user define timeout nvram variable in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.