ID
VAR-202205-1031
CVE
CVE-2022-26780
TITLE
InHand Networks of ir302 Firmware Input Validation Vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2022-009647
DESCRIPTION
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. (DoS) It may be in a state. InHand Networks InRouter Series is a series of routers from InHand Networks in the United States
Trust: 2.25
sources:
NVD: CVE-2022-26780 //
JVNDB: JVNDB-2022-009647 //
CNVD: CNVD-2022-59186 //
VULMON: CVE-2022-26780
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2022-59186
AFFECTED PRODUCTS
| vendor: | inhandnetworks | model: | ir302 | scope: | lte | version: | 3.5.37 | Trust: 1.0 |
| vendor: | inhand | model: | ir302 | scope: | lte | version: | ir302 firmware 3.5.37 and earlier | Trust: 0.8 |
| vendor: | inhand | model: | ir302 | scope: | - | version: | - | Trust: 0.8 |
| vendor: | inhand | model: | ir302 | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | inhand | model: | networks inrouter302 | scope: | eq | version: | v3.5.4 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-59186 //
JVNDB: JVNDB-2022-009647 //
NVD: CVE-2022-26780
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2022-59186 //
VULMON: CVE-2022-26780 //
JVNDB: JVNDB-2022-009647 //
CNNVD: CNNVD-202205-3107 //
NVD: CVE-2022-26780 //
NVD: CVE-2022-26780
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.0 |
| problemtype: | Inappropriate input confirmation (CWE-20) [NVD evaluation ] | Trust: 0.8 |
sources:
JVNDB: JVNDB-2022-009647 //
NVD: CVE-2022-26780
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202205-3107
TYPE
input validation error
Trust: 0.6
sources:
CNNVD: CNNVD-202205-3107
PATCH
| title: | Patch for InHand Networks InRouter302 Input Validation Error Vulnerability (CNVD-2022-59186) | url: | https://www.cnvd.org.cn/patchInfo/show/347271 | Trust: 0.6 |
| title: | InHand Networks InRouter302 Enter the fix for the verification error vulnerability | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=193809 | Trust: 0.6 |
sources:
CNVD: CNVD-2022-59186 //
CNNVD: CNNVD-202205-3107
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-26780 | Trust: 3.9 |
| db: | TALOS | id: | TALOS-2022-1481 | Trust: 2.5 |
| db: | JVNDB | id: | JVNDB-2022-009647 | Trust: 0.8 |
| db: | CNVD | id: | CNVD-2022-59186 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2022051611 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202205-3107 | Trust: 0.6 |
| db: | VULMON | id: | CVE-2022-26780 | Trust: 0.1 |
sources:
CNVD: CNVD-2022-59186 //
VULMON: CVE-2022-26780 //
JVNDB: JVNDB-2022-009647 //
CNNVD: CNNVD-202205-3107 //
NVD: CVE-2022-26780
REFERENCES
| url: | https://www.inhandnetworks.com/upload/attachment/202205/10/inhand-psa-2022-01.pdf | Trust: 3.1 |
| url: | https://talosintelligence.com/vulnerability_reports/talos-2022-1481 | Trust: 2.5 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-26780 | Trust: 0.8 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2022051611 | Trust: 0.6 |
| url: | https://cxsecurity.com/cveshow/cve-2022-26780/ | Trust: 0.6 |
| url: | https://cwe.mitre.org/data/definitions/20.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
CNVD: CNVD-2022-59186 //
VULMON: CVE-2022-26780 //
JVNDB: JVNDB-2022-009647 //
CNNVD: CNNVD-202205-3107 //
NVD: CVE-2022-26780
SOURCES
| db: | CNVD | id: | CNVD-2022-59186 |
| db: | VULMON | id: | CVE-2022-26780 |
| db: | JVNDB | id: | JVNDB-2022-009647 |
| db: | CNNVD | id: | CNNVD-202205-3107 |
| db: | NVD | id: | CVE-2022-26780 |
LAST UPDATE DATE
2024-11-23T21:32:27.369000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2022-59186 | date: | 2022-08-25T00:00:00 |
| db: | VULMON | id: | CVE-2022-26780 | date: | 2022-05-23T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-009647 | date: | 2023-08-07T08:14:00 |
| db: | CNNVD | id: | CNNVD-202205-3107 | date: | 2022-05-24T00:00:00 |
| db: | NVD | id: | CVE-2022-26780 | date: | 2024-11-21T06:54:29.547 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2022-59186 | date: | 2022-08-25T00:00:00 |
| db: | VULMON | id: | CVE-2022-26780 | date: | 2022-05-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-009647 | date: | 2023-08-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-202205-3107 | date: | 2022-05-12T00:00:00 |
| db: | NVD | id: | CVE-2022-26780 | date: | 2022-05-12T17:15:10.960 |