VYPR

Inrouter 302

by InHand Networks

CVEs (30)

  • CVE-2022-26085May 12, 2022
    risk 0.00cvss epss 0.13

    An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.

  • CVE-2022-26042May 12, 2022
    risk 0.00cvss epss 0.09

    An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

  • CVE-2022-26020May 12, 2022
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2022-26007May 12, 2022
    risk 0.00cvss epss 0.05

    An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.

  • CVE-2022-25995May 12, 2022
    risk 0.00cvss epss 0.02

    A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

  • CVE-2022-25172May 12, 2022
    risk 0.00cvss epss 0.01

    An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack,…

  • CVE-2022-24910May 12, 2022
    risk 0.00cvss epss 0.01

    A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.

  • CVE-2022-21809May 12, 2022
    risk 0.00cvss epss 0.02

    A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.

  • CVE-2022-21238May 12, 2022
    risk 0.00cvss epss 0.01

    A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.

  • CVE-2022-21182May 12, 2022
    risk 0.00cvss epss 0.02

    A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

Page 2 of 2