CVE-2022-26042

Name of the Vulnerable Software and Affected Versions InHand Networks InRouter302 version 3.5.4

Description A command injection issue exists due to the lack of neutralization of special elements used in the OS command. This allows a remote attacker to execute arbitrary commands. The vulnerability can be triggered by sending a specially-crafted network request to the daretools binary functionality.

Recommendations For InHand Networks InRouter302 version 3.5.4, consider restricting access to the daretools binary functionality until a patch is available. As a temporary workaround, avoid using the vulnerable functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.