CVE-2022-21182

Name of the Vulnerable Software and Affected Versions InHand Networks InRouter302 version 3.5.4

Description The issue is related to inadequate access control in the software of InHand Networks InRouter302 routers. It allows a remote attacker to execute arbitrary commands and escalate privileges. A specially-crafted HTTP request to the router configuration import functionality can trigger this issue, leading to increased privileges for the attacker.

Recommendations For InHand Networks InRouter302 version 3.5.4, consider restricting access to the router configuration import functionality until a patch is available. As a temporary workaround, limit the ability to send specially-crafted HTTP requests to the affected functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.