{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-29888", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "datePublished": "2022-11-09T17:35:39.230723Z", "dateUpdated": "2024-09-16T17:47:44.738Z", "dateReserved": "2022-05-16T00:00:00"}, "containers": {"cna": {"datePublic": "2022-10-27T00:00:00", "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2022-11-09T00:00:00"}, "descriptions": [{"lang": "en", "value": "A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability."}], "affected": [{"vendor": "InHand Networks", "product": "InRouter302", "versions": [{"version": "V3.5.45", "status": "affected"}]}], "references": [{"url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1522"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-489: Leftover Debug Code", "cweId": "CWE-489"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:33:43.056Z"}, "title": "CVE Program Container", "references": [{"url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf", "tags": ["x_transferred"]}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1522", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:inhandnetworks:ir302_firmware:3.5.45:*:*:*:*:*:*:*", "matchCriteriaId": "CCD75096-9011-4F14-BE6C-B64A187954F0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E358655-E442-4D2C-B0B8-03C6780EC55C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de c\u00f3digo de depuraci\u00f3n sobrante en la funcionalidad upload.cgi del puerto httpd 4444 de InHand Networks InRouter302 V3.5.45. Una solicitud HTTP especialmente manipulada puede provocar la eliminaci\u00f3n arbitraria de un archivo. Un atacante puede enviar una solicitud HTTP para desencadenar esta vulnerabilidad."}], "id": "CVE-2022-29888", "lastModified": "2024-11-21T06:59:54.693", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-09T18:15:14.643", "references": [{"source": "talos-cna@cisco.com", "tags": ["Vendor Advisory"], "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1522"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1522"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-489"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}