CVE-2022-25932

Опубликовано: 09 нояб. 2022

Источник: nvd

CVSS3: 7.4

CVSS3: 9.8

EPSS Низкий

Описание

The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.

Ссылки

https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1523
Third Party Advisory
https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1523
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:inhandnetworks:inrouter302_firmware:*:*:*:*:*:*:*:*

Версия до 3.5.56 (исключая)

cpe:2.3:h:inhandnetworks:inrouter302:-:*:*:*:*:*:*:*

EPSS

Процентиль: 65%

0.00488

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo

Связанные уязвимости

GHSA-77rh-r8h5-mfmc

CVSS3: 9.8

github

около 3 лет назад

EPSS

Процентиль: 65%

0.00488

Низкий

7.4 High

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-284

NVD-CWE-noinfo