Active Debug Code

CVE-2022-29481

Medium

6.5/10

Summary

A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-489 - Active Debug Code

The application is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

References

Advisory Timeline

Published Nov 09, 2022

Active Debug Code

CVE-2022-29481

Summary

CWE-489 - Active Debug Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS