CVE-2022-29888

Name of the Vulnerable Software and Affected Versions InHand Networks InRouter302 version 3.5.45

Description A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality. This allows an attacker to send a specially-crafted HTTP request, potentially leading to arbitrary file deletion.

Recommendations For InHand Networks InRouter302 version 3.5.45, consider restricting access to the upload.cgi functionality on httpd port 4444 until a patch is available. As a temporary workaround, avoid using the upload.cgi functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.