Filtered by vendor Inhandnetworks
Subscribe
Search
Total
41 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-27275 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27276 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27268 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27269 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27270 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27271 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27272 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27273 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27274 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2023-08-08 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-21182 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-21238 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-21809 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2022-05-23 | 5.5 MEDIUM | 8.1 HIGH |
| A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. | |||||
| CVE-2022-27172 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-25172 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie. | |||||
| CVE-2022-24910 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26782 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-26781 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-26780 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-25995 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 9.0 HIGH | 8.8 HIGH |
| A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26002 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 7.2 HIGH |
| A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. | |||||
| CVE-2022-26007 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 9.0 HIGH | 7.2 HIGH |
| An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26020 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26042 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26075 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26085 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26420 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26510 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26518 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2022-05-23 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2021-38478 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-25 | 6.5 MEDIUM | 9.1 CRITICAL |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. | |||||
| CVE-2021-38476 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. | |||||
| CVE-2021-38480 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 9.3 HIGH | 8.8 HIGH |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router. | |||||
| CVE-2021-38482 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 3.5 LOW | 4.8 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system. | |||||
| CVE-2021-38486 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 6.0 MEDIUM | 8.5 HIGH |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected. | |||||
| CVE-2021-38484 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 9.0 HIGH | 7.2 HIGH |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution. | |||||
| CVE-2021-38464 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 5.8 MEDIUM | 7.4 HIGH |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session. | |||||
| CVE-2021-38462 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf. | |||||
| CVE-2021-38468 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 3.5 LOW | 4.8 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system. | |||||
| CVE-2021-38474 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 5.0 MEDIUM | 9.8 CRITICAL |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface. | |||||
| CVE-2021-38466 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser. | |||||
| CVE-2021-38472 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 4.3 MEDIUM | 4.7 MEDIUM |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. | |||||
| CVE-2021-38470 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2021-10-22 | 6.5 MEDIUM | 9.1 CRITICAL |
| InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. | |||||