CVE-2022-30543 - Vulnerability Details - OpenCVE

A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Inhandnetworks	Ir302 Ir302 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:inhandnetworks:ir302_firmware:3.5.45:*:*:*:*:*:*:*

cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf
https://talosintelligence.com/vulnerability_reports/TALOS-2022-1519

History

Tue, 15 Apr 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: talos

Published: 2022-11-09T17:35:40.288Z

Updated: 2025-04-15T18:40:37.531Z

Reserved: 2022-05-13T00:00:00.000Z

Link: CVE-2022-30543

Vulnrichment

Updated: 2024-08-03T06:48:36.396Z

NVD

Status : Modified

Published: 2022-11-09T18:15:14.983

Modified: 2024-11-21T07:02:54.673

Link: CVE-2022-30543

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-30543", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "assignerShortName": "talos", "datePublished": "2022-11-09T17:35:40.288Z", "dateUpdated": "2025-04-15T18:40:37.531Z", "dateReserved": "2022-05-13T00:00:00.000Z"}, "containers": {"cna": {"datePublic": "2022-10-27T00:00:00.000Z", "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2022-11-09T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability."}], "affected": [{"vendor": "InHand Networks", "product": "InRouter302", "versions": [{"version": "V3.5.45", "status": "affected"}]}], "references": [{"url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1519"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-489: Leftover Debug Code", "cweId": "CWE-489"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:48:36.396Z"}, "title": "CVE Program Container", "references": [{"url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf", "tags": ["x_transferred"]}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1519", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T18:16:24.391659Z", "id": "CVE-2022-30543", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:40:37.531Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf", "tags": ["x_transferred"]}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1519", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:48:36.396Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-30543", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-15T18:16:24.391659Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:16:25.997Z"}}], "cna": {"metrics": [{"cvssV3_0": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "InHand Networks", "product": "InRouter302", "versions": [{"status": "affected", "version": "V3.5.45"}]}], "datePublic": "2022-10-27T00:00:00.000Z", "references": [{"url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"}, {"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1519"}], "descriptions": [{"lang": "en", "value": "A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-489", "description": "CWE-489: Leftover Debug Code"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2022-11-09T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-30543", "state": "PUBLISHED", "dateUpdated": "2025-04-15T18:40:37.531Z", "dateReserved": "2022-05-13T00:00:00.000Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2022-11-09T17:35:40.288Z", "assignerShortName": "talos"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:inhandnetworks:ir302_firmware:3.5.45:*:*:*:*:*:*:*", "matchCriteriaId": "CCD75096-9011-4F14-BE6C-B64A187954F0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:*", "matchCriteriaId": "0E358655-E442-4D2C-B0B8-03C6780EC55C", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability."}, {"lang": "es", "value": "Existe una vulnerabilidad de c\u00f3digo de depuraci\u00f3n sobrante en la funcionalidad de infecci\u00f3n de la consola de InHand Networks InRouter302 V3.5.45. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecuci\u00f3n de operaciones privilegiadas. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."}], "id": "CVE-2022-30543", "lastModified": "2024-11-21T07:02:54.673", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "talos-cna@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-09T18:15:14.983", "references": [{"source": "talos-cna@cisco.com", "tags": ["Vendor Advisory"], "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"}, {"source": "talos-cna@cisco.com", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1519"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Technical Description", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2022-1519"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-489"}], "source": "talos-cna@cisco.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}