CVE Vulnerabilities

CVE-2022-25995

Active Debug Code

Published: May 12, 2022 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
9 HIGH
AV:N/AC:L/Au:S/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

Weakness

The product is released with debugging code still enabled or active.

Affected Software

Name Vendor Start Version End Version
Ir302_firmware Inhandnetworks 3.5.4 (including) 3.5.4 (including)

Potential Mitigations

References