HIGH🇵🇱 Wersja polska

CVE-2022-21809

CVSS 8.1v3.1pub. 2022-05-12upd. 2024-11-21

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • Inhandnetworks Inrouter302

    HW
    Inhandnetworks
    wszystkie wersje
  • Inhandnetworks Inrouter302 Firmware

    OS
    Inhandnetworks
    ≤ 3.5.37
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-22600CRITICAL10.0ten sam produkt

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-...

CVE-2023-22601CRITICAL10.0ten sam produkt

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-...

CVE-2022-25932CRITICAL9.8ten sam produkt

The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. ...

CVE-2023-22598HIGH7.2ten sam produkt

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-...

CVE-2023-22599HIGH7.0ten sam produkt

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-...