Filtered by vendor Inhandnetworks
Subscribe
Search
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-21238 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-25172 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie. | |||||
| CVE-2022-24910 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26020 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26510 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-38476 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. | |||||
| CVE-2021-38482 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 3.5 LOW | 4.8 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system. | |||||
| CVE-2021-38468 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 3.5 LOW | 4.8 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system. | |||||
| CVE-2021-38466 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser. | |||||
| CVE-2021-38472 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 4.3 MEDIUM | 4.7 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. | |||||