466 matches found

Prion
added 2022/05/12 5:15 p.m. | 20 views

Information disclosure

An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the sessi...

CVSS 4.3 | AI score 5.8 | EPSS 0.00877
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2022/05/12 5:15 p.m. | 12 views

Command injection

An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 6.5 | AI score 8.9 | EPSS 0.08599
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2022/05/12 5:15 p.m. | 11 views

Cross site scripting

A cross-site scripting (XSS) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this vulnerability...

CVSS 4.3 | AI score 6.1 | EPSS 0.01362
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2022/05/12 5:15 p.m. | 16 views

Command injection

An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 9 | AI score 7.1 | EPSS 0.05297
Exploits: 1 | References: 2 | Affected Software: 1

Prion
added 2022/05/12 5:15 p.m. | 14 views

Stack overflow

A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability...

CVSS 6.5 | AI score 7.4 | EPSS 0.0304
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/05/12 5:1 p.m. | 25 views

CVE-2022-27172

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 4.3 | AI score 8.9 | EPSS 0.01003
Exploits: 1 | References: 2

CVE
added 2022/05/12 5:1 p.m. | 70 views

CVE-2022-27172

CVE-2022-27172 affects InHand Networks InRouter302 (V3.5.37). Talos and CNVD/CVE records confirm a hard-coded password vulnerability in the console infactory functionality that enables privileged operation execution when a crafted network sequence is sent. The vulnerability is demonstrated by a p...

CVSS 8.8 | AI score 8.6 | EPSS 0.01003
Exploits: 1 | References: 2 | Affected Software: 1

Vulnrichment
added 2022/05/12 5:1 p.m. | 7 views

CVE-2022-27172

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 4.3 | AI score 8.6 | EPSS 0.01003
Exploits: 1 | References: 2

Vulnrichment
added 2022/05/12 5:1 p.m. | 7 views

CVE-2022-26782

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

CVSS 9.9 | AI score 9 | EPSS 0.03044
Exploits: 1 | References: 2

CVE
added 2022/05/12 5:1 p.m. | 74 views

CVE-2022-26782

The CVE-2022-26782 entry concerns InHand Networks InRouter302 (V3.5.4) with multiple improper input validations in the web stack. Specifically, remote code execution could be triggered via two paths: (1) libnvram.so nvram_import handling of uploaded config data, where values are not validated for...

CVSS 9.9 | AI score 8.9 | EPSS 0.03044
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/05/12 5:1 p.m. | 19 views

CVE-2022-26782

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

CVSS 9.9 | AI score 9.2 | EPSS 0.03044
Exploits: 1 | References: 2

Vulnrichment
added 2022/05/12 5:1 p.m. | 9 views

CVE-2022-26781

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

CVSS 9.9 | AI score 9 | EPSS 0.02622
Exploits: 1 | References: 2

Cvelist
added 2022/05/12 5:1 p.m. | 17 views

CVE-2022-26781

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

CVSS 9.9 | AI score 9.2 | EPSS 0.02622
Exploits: 1 | References: 2

CVE
added 2022/05/12 5:1 p.m. | 74 views

CVE-2022-26781

Summary: CVE-2022-26781 affects InHand Networks InRouter302 v3.5.4. Multiple input-validation flaws in the libnvram.so nvram_import function and in httpd components (user_define_print, user_define_init, user_define_set_item) allow crafted input to trigger remote code execution. The root cause is ...

CVSS 9.9 | AI score 9 | EPSS 0.02622
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/05/12 5:1 p.m. | 33 views

CVE-2022-26780

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

CVSS 9.9 | AI score 9.2 | EPSS 0.03044
Exploits: 1 | References: 2

Vulnrichment
added 2022/05/12 5:1 p.m. | 6 views

CVE-2022-26780

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

CVSS 9.9 | AI score 9 | EPSS 0.03044
Exploits: 1 | References: 2

CVE
added 2022/05/12 5:1 p.m. | 72 views

CVE-2022-26780

InHand Networks InRouter302 (V3.5.4) contains multiple input-validation flaws in the web server and libnvram (nvram_import) that can be triggered via specially crafted files or by manipulating the user_define_timeout nvram value. Citations describe stack-based buffer overflows in httpd functions ...

CVSS 9.9 | AI score 9 | EPSS 0.03044
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2022/05/12 5:1 p.m. | 57 views

CVE-2022-26518

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 (V3.5.37). TALOS-2022-1501 shows the net_functionality path parses a first argument and optionally a second; when the second argument is supplied as part of the test branch, i...

CVSS 9.9 | AI score 9 | EPSS 0.04843
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2022/05/12 5:1 p.m. | 20 views

CVE-2022-26518

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 9.9 | AI score 9.2 | EPSS 0.04843
Exploits: 1 | References: 2

Vulnrichment
added 2022/05/12 5:1 p.m. | 4 views

CVE-2022-26518

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...

CVSS 9.9 | AI score 9.2 | EPSS 0.04843
Exploits: 1 | References: 2