CVE-2022-25932 InHand Networks InRouter302 V3.5.45 fixes TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete

On InRouter302 V3.5.45, the web server does not require a valid X.509 certificate for the HTTPS connection. This configuration change weakens the integrity of the web server. An attacker can exploit this vulnerability to obtain information about the web server.

On InRouter302 V3.5.45, the web server does not require a valid X.509 certificate for the HTTPS connection. This configuration change weakens the integrity of the web server. An attacker can exploit this vulnerability to obtain information about the web server. The TALOS-2022-1476 vulnerability on InRouter302 V3.5.45 can be exploited to gain unauthorized access to the network. The attacker can obtain information about the network or even change the system settings.

On InRouter302 V3.5.45, the TALOS-2022-1476 vulnerability can be exploited to gain unauthorized access to the network. The attacker can obtain information about the network or even change the system settings. The TALOS-2022-1474 vulnerability on InRouter302 V3.5.45 can be exploited to gain unauthorized access to the network. The attacker can obtain information about the network or even change the system settings.
InHand Networks InRouter302 V3.5.45 does not require authentication to access the virtual server. An attacker can exploit this vulnerability to gain unauthorized access to the network.
InHand

InRouter302 V3.5.44

On InRouter302 V3.5.44, the web server does not require a valid X.509 certificate for the HTTPS connection. This configuration change weakens the integrity of the web server. An attacker can exploit this vulnerability to obtain information about the web server.
On InRouter302 V3.5.44, the TALOS-2022-1476 vulnerability can be exploited to gain unauthorized access to the network. The attacker can obtain information about the network or even change the system settings.
InHand Networks InRouter302 V3.5.44 does not require authentication to access the virtual server. An attacker can exploit this vulnerability to gain unauthorized access to the network and/or change system settings

TALOS-2022-1475 vulnerability on InRouter302 V3.5.45

On InRouter302 V3.5.45, the TALOS-2022-1475 vulnerability can be exploited to gain unauthorized access to the network. The attacker can obtain information about the network or even change the system settings.
InHand Networks InRouter302 V3.5.45 does not require authentication to access the virtual server. An attacker can exploit this vulnerability to gain unauthorized access to the network.
InHand Networks InRouter302 V3.5.45 does not require authentication to access the virtual server that is configured with a public IP address and has a static NAT configuration on port 8080 of 192.168.1.254/24 .
An attacker can exploit this vulnerability to gain unauthorized access to the network (CVE-2022-25936).

The TALOS-2022-1476 vulnerability on InRouter302 V3

InHand Networks InRouter302 V3.5.45 does not require authentication to access the virtual server

. An attacker can exploit this vulnerability to gain unauthorized access to the network.

Timeline

Published on: 11/09/2022 18:15:00 UTC
Last modified on: 11/15/2022 15:10:00 UTC

References

• https://talosintelligence.com/vulnerability_reports/TALOS-2022-1523
• https://inhandnetworks.com/upload/attachment/202210/25/InHand-PSA-2022-02.pdf
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-25932