CVE-2022-26781

Name of the Vulnerable Software and Affected Versions InRouter302 version 3.5.4

Description The issue is related to improper input validation vulnerabilities in the libnvram.so nvram import functionality and the httpd's user define print function. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Controlling the user define timeout nvram variable can also lead to remote code execution.

Recommendations For InRouter302 version 3.5.4, consider disabling the user define print function and restrict access to the user define timeout nvram variable to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.