CVE-2022-26085

Name of the Vulnerable Software and Affected Versions InHand Networks InRouter302 version 3.5.4

Description An OS command injection issue exists in the httpd wlscan ASP functionality, allowing a specially-crafted HTTP request to lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this issue. The vulnerability can be exploited by a remote attacker to execute arbitrary commands.

Recommendations For InHand Networks InRouter302 version 3.5.4, consider disabling the wlscan ASP functionality in the httpd service until a patch is available to prevent exploitation. Restrict access to the httpd service to minimize the risk of arbitrary command execution. Avoid using the vulnerable httpd wlscan ASP functionality until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.