466 matches found
EUVD-2023-26737
Malicious code in bioql PyPI...
EUVD-2023-26738
Malicious code in bioql PyPI...
EUVD-2022-31780
Malicious code in bioql PyPI...
EUVD-2022-31781
Malicious code in bioql PyPI...
EUVD-2022-30576
Malicious code in bioql PyPI...
PT-2025-31190 · Undefined · Undefined
CISA Emergency Directive on Industrial Control Systems ICS CISA released Emergency Directive ED 25-03, addressing a critical remote code execution vulnerability CVE-2025-38810 in the "InHand Networks IR615" industrial cellular router. This device is commonly used for...
CVE-2023-22600
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An...
CVE-2023-22598
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'. An unauthorized user with privileged access to the...
CVE-2023-22599
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...
CVE-2023-22601
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...
CVE-2022-27277
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub17C08...
CVE-2022-27270
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the component ipsecsecrets. This vulnerability is triggered via a crafted packet...
CVE-2022-27269
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the component configovpn. This vulnerability is triggered via a crafted packet...
CVE-2022-27268
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the component getcgifrommemory. This vulnerability is triggered via a crafted packet...
CVE-2022-27273
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the function sub12168. This vulnerability is triggered via a crafted packet...
Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks
Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology OT networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the...
The vulnerability of InHand Networks InRouter 302 and InRouter 615’s microprogramming software, related to deficiencies in access control, allows attackers to execute arbitrary commands.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the lack of access control mechanisms. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the microprogrammed software consoles of InHand Networks’ InRouter302, due to security flaws in their mechanisms, allows attackers to execute arbitrary code or perform arbitrary commands.
The vulnerability of the microprogrammed software-based routers from InHand Networks, InRouter302, is related to deficiencies in security mechanisms. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform arbitrary commands using a specially created request...
The vulnerability of the info.jsp component of InHand Networks’ InRouter302 microprogramming system allows attackers to execute cross-site scripting attacks.
The vulnerability of the info.jsp component of InHand Networks InRouter302 microprogramming system lies in the insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created web page...
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
The U.S. Cybersecurity and Infrastructure Security Agency CISA has released several Industrial Control Systems ICS advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...