PT-2022-6204 · Inhand Networks · Inrouter302

Francesco Benvenuto · Published 2022-05-10 · Updated 2023-07-11 · CVE-2022-26020

CVSS v3.1

6.5 Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

InHand Networks InRouter302 version 3.5.4

Description

An information disclosure issue exists in the router configuration export functionality. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this issue. The vulnerability is also related to the use of a hardcoded cryptographic key, which can allow a remote attacker to elevate privileges and disclose protected information using a specially crafted HTTP request.

Recommendations

For InHand Networks InRouter302 version 3.5.4, consider restricting access to the configuration export functionality until a patch is available. As a temporary workaround, avoid using the router configuration export functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Inadequate Encryption Strength

Using Hardcoded Credentials

Weakness Enumeration

Related Identifiers

BDU:2023-00472
CVE-2022-26020

Affected Products

Inrouter302