CVE-2022-26420 CRITICAL

CVE-2022-26420

Vendor Inhand Networks

Product InRouter302

Weakness CWE-78

Published May 12, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

9.9/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

Key dates

02Disclosure timeline

May 12, 2022 CVE published

April 15, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-26420

Related vulnerabilities

04Related CVE

CVE-2026-9208 Tanium addressed an unauthorized code execution vulnerability in Connect. CVE-2024-28750 ifm: Deleting function in Smart PLC allows command injections CVE-2024-4299 HGiga iSherlock - Command Injection CVE-2026-26280 Systeminformation has a Command Injection via unsanitized interface parameter in wifi.js retry path CVE-2023-4411 TOTOLINK EX1200L setTracerouteCfg os command injection