Details of VAR-202205-0994

ID

VAR-202205-0994

CVE

CVE-2022-25995

TITLE

InHand Networks of ir302 Firmware vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-009657

DESCRIPTION

A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. InHand Networks of ir302 There are unspecified vulnerabilities in the firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States

Trust: 2.25

sources: NVD: CVE-2022-25995 // JVNDB: JVNDB-2022-009657 // CNVD: CNVD-2022-59184 // VULMON: CVE-2022-25995

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-59184

AFFECTED PRODUCTS

vendor:	inhandnetworks	model:	ir302	scope:	eq	version:	3.5.4	Trust: 1.0
vendor:	inhand	model:	ir302	scope:	eq	version:	ir302 firmware 3.5.4	Trust: 0.8
vendor:	inhand	model:	ir302	scope:	-	version:	-	Trust: 0.8
vendor:	inhand	model:	ir302	scope:	eq	version:	-	Trust: 0.8
vendor:	inhand	model:	networks inrouter302	scope:	eq	version:	v3.5.4	Trust: 0.6

sources: CNVD: CNVD-2022-59184 // JVNDB: JVNDB-2022-009657 // NVD: CVE-2022-25995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-25995
value:	HIGH
Trust: 1.0
talos-cna@cisco.com:	CVE-2022-25995
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2022-25995
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2022-59184
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202205-3114
value:	HIGH
Trust: 0.6
VULMON:	CVE-2022-25995
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2022-25995
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-59184
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2022-25995
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
talos-cna@cisco.com:	CVE-2022-25995
baseSeverity:	CRITICAL
baseScore:	9.9
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.1
impactScore:	6.0
version:	3.0
Trust: 1.0
NVD:	CVE-2022-25995
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-59184 // VULMON: CVE-2022-25995 // JVNDB: JVNDB-2022-009657 // CNNVD: CNNVD-202205-3114 // NVD: CVE-2022-25995 // NVD: CVE-2022-25995

PROBLEMTYPE DATA

problemtype:	CWE-489	Trust: 1.0
problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-009657 // NVD: CVE-2022-25995

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202205-3114

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202205-3114

PATCH

title:	Patch for InHand Networks InRouter302 Command Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/347291	Trust: 0.6
title:	InHand Networks InRouter302 Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193816	Trust: 0.6

sources: CNVD: CNVD-2022-59184 // CNNVD: CNNVD-202205-3114

EXTERNAL IDS

db:	NVD	id:	CVE-2022-25995	Trust: 3.9
db:	TALOS	id:	TALOS-2022-1477	Trust: 3.1
db:	JVNDB	id:	JVNDB-2022-009657	Trust: 0.8
db:	CNVD	id:	CNVD-2022-59184	Trust: 0.6
db:	CS-HELP	id:	SB2022051611	Trust: 0.6
db:	CNNVD	id:	CNNVD-202205-3114	Trust: 0.6
db:	VULMON	id:	CVE-2022-25995	Trust: 0.1

sources: CNVD: CNVD-2022-59184 // VULMON: CVE-2022-25995 // JVNDB: JVNDB-2022-009657 // CNNVD: CNNVD-202205-3114 // NVD: CVE-2022-25995

REFERENCES

url:	https://talosintelligence.com/vulnerability_reports/talos-2022-1477	Trust: 3.1
url:	https://www.inhandnetworks.com/upload/attachment/202205/10/inhand-psa-2022-01.pdf	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2022-25995	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2022-25995/	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022051611	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2022-59184 // VULMON: CVE-2022-25995 // JVNDB: JVNDB-2022-009657 // CNNVD: CNNVD-202205-3114 // NVD: CVE-2022-25995

SOURCES

db:	CNVD	id:	CNVD-2022-59184
db:	VULMON	id:	CVE-2022-25995
db:	JVNDB	id:	JVNDB-2022-009657
db:	CNNVD	id:	CNNVD-202205-3114
db:	NVD	id:	CVE-2022-25995

LAST UPDATE DATE

2024-11-23T21:32:27.688000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-59184	date:	2022-08-25T00:00:00
db:	VULMON	id:	CVE-2022-25995	date:	2022-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2022-009657	date:	2023-08-07T08:14:00
db:	CNNVD	id:	CNNVD-202205-3114	date:	2022-05-24T00:00:00
db:	NVD	id:	CVE-2022-25995	date:	2024-11-21T06:53:17.580

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-59184	date:	2022-08-25T00:00:00
db:	VULMON	id:	CVE-2022-25995	date:	2022-05-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-009657	date:	2023-08-07T00:00:00
db:	CNNVD	id:	CNNVD-202205-3114	date:	2022-05-12T00:00:00
db:	NVD	id:	CVE-2022-25995	date:	2022-05-12T17:15:10.410