VYPR

Inrouter 302

by InHand Networks

CVEs (30)

  • CVE-2022-26518May 12, 2022
    risk 0.01cvss epss 0.05

    An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2022-26420May 12, 2022
    risk 0.01cvss epss 0.06

    An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2022-26075May 12, 2022
    risk 0.01cvss epss 0.06

    An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this…

  • CVE-2022-26002May 12, 2022
    risk 0.01cvss epss 0.03

    A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this…

  • CVE-2023-22601Jan 12, 2023
    risk 0.00cvss epss 0.01

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could…

  • CVE-2023-22600Jan 12, 2023
    risk 0.00cvss epss 0.00

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device…

  • CVE-2023-22599Jan 12, 2023
    risk 0.00cvss epss 0.00

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They  send MQTT credentials in response to HTTP/HTTPS requests from the…

  • CVE-2023-22598Jan 12, 2023
    risk 0.00cvss epss 0.02

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with…

  • CVE-2023-22597Jan 12, 2023
    risk 0.00cvss epss 0.01

    InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by…

  • CVE-2022-30543Nov 9, 2022
    risk 0.00cvss epss 0.01

    A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this…

  • CVE-2022-29888Nov 9, 2022
    risk 0.00cvss epss 0.01

    A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2022-29481Nov 9, 2022
    risk 0.00cvss epss 0.01

    A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.

  • CVE-2022-28689Nov 9, 2022
    risk 0.00cvss epss 0.01

    A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

  • CVE-2022-26023Nov 9, 2022
    risk 0.00cvss epss 0.01

    A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this…

  • CVE-2022-25932Nov 9, 2022
    risk 0.00cvss epss 0.01

    The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.

  • CVE-2022-27172May 12, 2022
    risk 0.00cvss epss 0.01

    A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.

  • CVE-2022-26782May 12, 2022
    risk 0.00cvss epss 0.03

    Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An…

  • CVE-2022-26781May 12, 2022
    risk 0.00cvss epss 0.03

    Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An…

  • CVE-2022-26780May 12, 2022
    risk 0.00cvss epss 0.03

    Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An…

  • CVE-2022-26510May 12, 2022
    risk 0.00cvss epss 0.01

    A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.

Page 1 of 2