🛡️ CVE-2023-22598
🟠 CVSS 7.2 — High ✅ No Known Exploit CWE-78 NVD
7.2
CVSS Score
0 Low4 Medium7 High9 Critical10

Description

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with privileged access to the local web interface or the cloud account managing the affected devices could push a specially crafted configuration update file to gain root access. This could lead to remote code execution with root privileges.

Details

Severity HIGH
CVSS Score 7.2
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE CWE-78
Public Exploit ✅ No
Source NVD
Published 2023-01-12
Updated 2026-06-08
Modified 2024-11-21
Fix URL N/A

Affected Packages

Software From version Fixed in
inrouter302-firmware 3.5.56
inrouter615-s-firmware 2.3.0.r5542

References

Third Party Advisory, US Government Resource https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03
Third Party Advisory, US Government Resource https://www.cisa.gov/uscert/ics/advisories/icsa-23-012-03

Similar Threats

Exploit Protection

Help block exploit attempts

BotEraser is designed to detect and help reduce malicious bot traffic that may target known vulnerabilities on your site.

Try BotEraser Free →

No credit card required  ·  Results in minutes

ⓘ Data Notice: The information presented above has been compiled from publicly available internet sources. Boteraser aggregates this data solely for informational purposes and does not independently classify, evaluate, or endorse any findings about the vulnerabilities listed. The accuracy and completeness of this information is the sole responsibility of the original publishers. Boteraser and its operators accept no liability for any decisions made based on this data.