VYPR

InRouter 615

by InHand Networks

CVEs (5)

  • CVE-2023-22601Jan 12, 2023
    risk 0.00cvss epss 0.01

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could…

  • CVE-2023-22600Jan 12, 2023
    risk 0.00cvss epss 0.00

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device…

  • CVE-2023-22599Jan 12, 2023
    risk 0.00cvss epss 0.00

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They  send MQTT credentials in response to HTTP/HTTPS requests from the…

  • CVE-2023-22598Jan 12, 2023
    risk 0.00cvss epss 0.02

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with…

  • CVE-2023-22597Jan 12, 2023
    risk 0.00cvss epss 0.01

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by…