Details of VAR-202205-0971

ID

VAR-202205-0971

CVE

CVE-2022-21809

TITLE

InHand Networks of InRouter302 Unrestricted Upload of Dangerous File Types Vulnerability in Firmware

Trust: 0.8

sources: JVNDB: JVNDB-2022-009674

DESCRIPTION

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. InHand Networks of InRouter302 Firmware has an unrestricted upload of dangerous file types vulnerability.Information is tampered with and service operation is interrupted (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States

Trust: 2.25

sources: NVD: CVE-2022-21809 // JVNDB: JVNDB-2022-009674 // CNVD: CNVD-2022-59192 // VULMON: CVE-2022-21809

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-59192

AFFECTED PRODUCTS

vendor:	inhandnetworks	model:	inrouter302	scope:	lte	version:	3.5.37	Trust: 1.0
vendor:	inhand	model:	inrouter302	scope:	eq	version:	-	Trust: 0.8
vendor:	inhand	model:	inrouter302	scope:	lte	version:	inrouter302 firmware 3.5.37 and earlier	Trust: 0.8
vendor:	inhand	model:	inrouter302	scope:	-	version:	-	Trust: 0.8
vendor:	inhand	model:	networks inrouter302	scope:	eq	version:	v3.5.4	Trust: 0.6

sources: CNVD: CNVD-2022-59192 // JVNDB: JVNDB-2022-009674 // NVD: CVE-2022-21809

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-21809
value:	HIGH
Trust: 1.0
talos-cna@cisco.com:	CVE-2022-21809
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-21809
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-59192
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202205-3120
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2022-21809
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-59192
severity:	MEDIUM
baseScore:	5.5
vectorString:	AV:N/AC:L/AU:S/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-21809
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.2
version:	3.1
Trust: 1.0
talos-cna@cisco.com:	CVE-2022-21809
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2022-21809
baseSeverity:	HIGH
baseScore:	8.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-59192 // JVNDB: JVNDB-2022-009674 // CNNVD: CNNVD-202205-3120 // NVD: CVE-2022-21809 // NVD: CVE-2022-21809

PROBLEMTYPE DATA

problemtype:	CWE-434	Trust: 1.0
problemtype:	CWE-377	Trust: 1.0
problemtype:	Unlimited uploads of dangerous types of files (CWE-434) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009674 // NVD: CVE-2022-21809

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3120

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202205-3120

PATCH

title:	Patch for InHand Networks InRouter302 File Write Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/347211	Trust: 0.6
title:	InHand Networks InRouter302 Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193835	Trust: 0.6

sources: CNVD: CNVD-2022-59192 // CNNVD: CNNVD-202205-3120

EXTERNAL IDS

db:	NVD	id:	CVE-2022-21809	Trust: 3.9
db:	TALOS	id:	TALOS-2022-1468	Trust: 3.1
db:	JVNDB	id:	JVNDB-2022-009674	Trust: 0.8
db:	CNVD	id:	CNVD-2022-59192	Trust: 0.6
db:	CS-HELP	id:	SB2022051611	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3120	Trust: 0.6
db:	VULMON	id:	CVE-2022-21809	Trust: 0.1

sources: CNVD: CNVD-2022-59192 // VULMON: CVE-2022-21809 // JVNDB: JVNDB-2022-009674 // CNNVD: CNNVD-202205-3120 // NVD: CVE-2022-21809

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2022-1468	Trust: 3.1
url:	https://www.inhandnetworks.com/upload/attachment/202205/10/inhand-psa-2022-01.pdf	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-21809	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-21809/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051611	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-59192 // VULMON: CVE-2022-21809 // JVNDB: JVNDB-2022-009674 // CNNVD: CNNVD-202205-3120 // NVD: CVE-2022-21809

SOURCES

db:	CNVD	id:	CNVD-2022-59192
db:	VULMON	id:	CVE-2022-21809
db:	JVNDB	id:	JVNDB-2022-009674
db:	CNNVD	id:	CNNVD-202205-3120
db:	NVD	id:	CVE-2022-21809

LAST UPDATE DATE

2024-11-23T21:32:27.514000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-59192	date:	2022-08-25T00:00:00
db:	VULMON	id:	CVE-2022-21809	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009674	date:	2023-08-07T08:15:00
db:	CNNVD	id:	CNNVD-202205-3120	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2022-21809	date:	2024-11-21T06:45:28.710

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-59192	date:	2022-08-25T00:00:00
db:	VULMON	id:	CVE-2022-21809	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009674	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3120	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2022-21809	date:	2022-05-12T17:15:10.127