Vulnerability in InHand Networks InRouter302
CVE-2022-25172
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an a…
EPSS: 0.003 (54.7th percentile).
CVSS v3 metric
CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.
Affected products
- InHand Networks InRouter302, version V3.5.4
Weakness classification (CWE)
- Sensitive Cookie Without 'HttpOnly' Flag
References
- www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf (x_refsource_CONFIRM)
- talosintelligence.com/vulnerability_reports/TALOS-2022-1470 (x_refsource_MISC)
Frequently asked questions
- What is CVE-2022-25172?
  - CVE-2022-25172 is a high-severity vulnerability in InHand Networks InRouter302, classified under Sensitive Cookie Without 'HttpOnly' Flag. CVSS score: 7.5/10. Published 2022-05-12.
- How severe is CVE-2022-25172?
  - High severity. The CVSS v3 base score is 7.5 out of 10.