Active Debug Code

CVE-2022-28689

High

8.8/10

Summary

A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-489 - Active Debug Code

The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References

Advisory Timeline

Published Nov 09, 2022

Active Debug Code

CVE-2022-28689

Summary

CWE-489 - Active Debug Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS