How severe is CVE-2022-26782?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2022-26782?

This is classified as CWE-20, which is a common weakness in software security.

CVE-2022-26782 - CRITICAL Severity | CVSS 9.9

Vulnerability Description

Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.

Related Vulnerabilities

CVE-2018-20162

CRITICAL

CVSS:9.9(Critical)

Digi TransPort LR54 4.4.0.26 and possible earlier devices have Improper Input Validation that allows users with 'super' CLI access privileges to bypass a restricted shell and execute arbitrary command...

CWE-202018

CVE-2021-3781

CRITICAL

CVSS:9.9(Critical)

A trivial sandbox (enabled with the `-dSAFER` option) escape flaw was found in the ghostscript interpreter by injecting a specially crafted pipe command. This flaw allows a specially crafted document ...

CWE-202021

CVE-2021-43779

CRITICAL

CVSS:9.9(Critical)

GLPI is an open source IT Asset Management, issue tracking system and service desk system. The GLPI addressing plugin in versions < 2.9.1 suffers from authenticated Remote Code Execution vulnerability...

CWE-202021