CVE-2023-22598: OS Command Injection
First published: Thu Jan 12 2023(Updated: )
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with privileged access to the local web interface or the cloud account managing the affected devices could push a specially crafted configuration update file to gain root access. This could lead to remote code execution with root privileges.
Credit: ics-cert@hq.dhs.gov
| Affected Software | Affected Version | How to fix |
|---|---|---|
| InHand Networks InRouter 302 | ||
| InHand Networks InRouter 615 | ||
| Inhand Networks InRouter302 | <3.5.56 | |
| Inhandnetworks Inrouter302 Firmware | ||
| Inhandnetworks Inrouter615-s Firmware | <2.3.0.r5542 | |
| InHand Networks InRouter 615-S |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-22598?
CVE-2023-22598 is classified under CWE-78, indicating a high severity due to OS command injection risks.
How do I fix CVE-2023-22598?
To mitigate CVE-2023-22598, update the InRouter 302 firmware to version IR302 V3.5.56 or the InRouter 615 firmware to version InRouter6XX-S-V2.3.0.r5542.
What devices are affected by CVE-2023-22598?
CVE-2023-22598 affects InHand Networks InRouter 302 and InRouter 615 models running firmware versions earlier than specified thresholds.
What is the nature of the vulnerability in CVE-2023-22598?
CVE-2023-22598 involves improper neutralization of special elements, allowing potential command injection by unauthorized privileged users.
Is there a known exploit for CVE-2023-22598?
As of now, there is no public evidence of an exploit specifically targeting CVE-2023-22598, but the vulnerability poses significant risk.
- agent/weakness
- agent/type
- agent/severity
- agent/author
- agent/description
- agent/first-publish-date
- agent/references
- agent/event
- agent/softwarecombine
- agent/trending
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/ics-cert-advisory
- source/ICS
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/inhand networks
- canonical/inhand networks inrouter 302
- canonical/inhand networks inrouter 615
- vendor/inhandnetworks
- canonical/inhand networks inrouter302
- canonical/inhandnetworks inrouter302 firmware
- canonical/inhandnetworks inrouter615-s firmware
- canonical/inhand networks inrouter 615-s