CVE-2022-28689

Name of the Vulnerable Software and Affected Versions InHand Networks InRouter302 version 3.5.45

Description A leftover debug code vulnerability exists in the console support functionality. This vulnerability can be triggered by a specially-crafted network request, leading to arbitrary command execution. An attacker can exploit this issue by sending a sequence of requests.

Recommendations For InHand Networks InRouter302 version 3.5.45, consider disabling the console support functionality until a patch is available to prevent arbitrary command execution. Restrict access to the network to minimize the risk of exploitation. Avoid using the vulnerable console support functionality in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.