466 matches found
CVE-2023-22597
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An...
PT-2023-1075 · Inhand Networks · Inrouter 615 +1
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to improper neutralization of special elements used in an OS command, whi...
InHand Networks InRouter302 安全漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks, Inc. A security vulnerability exists in the InHand Networks InRouter302 version prior to V3.5.56, InRouter615 version prior to V2.3.0.r5542, which stems from improper access control...
CISA Releases Twelve Industrial Control Systems Advisories
CISA released twelve Industrial Control Systems ICS advisories on January 12, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for...
PT-2023-2790 · Inhand Networks · Inrouter 615 +1
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to the use of insufficiently random values, specifically with the MQTT...
PT-2023-1283 · Inhand Networks · Inrouter 615 +1
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to improper access control in the software of InHand Networks InRouter 30...
PT-2023-1274 · Inhand Networks · Inrouter302 +1
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to the use of a one-way hash with a predictable salt, allowing an...
PT-2023-1275 · Inhand Networks · Inrouter302 +1
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to the use of an unsecured channel for data transmission by default, whic...
InHand Networks InRouter 900 Industrial 4G Router Command Injection (CVE-2022-27268; CVE-2022-27273; CVE-2022-27275; CVE-2022-27276)
A command injection vulnerability exists in InHand Networks InRouter 900 Industrial 4G Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-29888
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-30543
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-28689
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-29481
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-25932
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability...
CVE-2022-26023
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
Information disclosure
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability...
Code injection
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
Code injection
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
Design/Logic Flaw
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...
Code injection
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...