Security Vulnerabilities - CVEs Published In May 2022
A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.
CVSS Score
5.4
EPSS Score
0.02
Published
2022-05-12
A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.
CVSS Score
9.9
EPSS Score
0.014
Published
2022-05-12
Uncontrolled search path in the Intel(R) XTU software before version 7.3.0.33 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVSS Score
7.3
EPSS Score
0.001
Published
2022-05-12
Improper buffer restrictions in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2022-05-12
Improper input validation in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Score
6.7
EPSS Score
0.001
Published
2022-05-12
A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
8.2
EPSS Score
0.031
Published
2022-05-12
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie.
CVSS Score
7.5
EPSS Score
0.003
Published
2022-05-12
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
9.9
EPSS Score
0.019
Published
2022-05-12
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.077
Published
2022-05-12
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVSS Score
9.1
EPSS Score
0.035
Published
2022-05-12