466 matches found
PT-2022-18346 · Inhand Networks · Inrouter 900 Industrial 4G Router
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 Description: The issue is related to a remote code execution RCE vulnerability. It is triggered via a crafted packet and involves the function sub 1791C...
InHand Networks InRouter 900 操作系统命令注入漏洞
The InHand Networks InRouter 900 is a series of industrial routers from InHand Networks, U.S.A. A security vulnerability exists in the InHand Networks InRouter 900 Industrial 4G Router, and no details of the vulnerability are currently available...
PT-2022-18349 · Inhand Networks · Inrouter 900 Industrial 4G Router
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 Description: The issue is related to a remote code execution vulnerability. It is triggered via a crafted packet and involves the function sub 122D0...
PT-2022-18345 · Inhand Networks · Inrouter 900
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to v1.0.0.r11700 Description: The issue is related to a remote code execution vulnerability triggered by a crafted packet via the python-lib component. Recommendations: For...
PT-2022-18347 · Inhand Networks · Inrouter 900 Industrial 4G Router
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 Description: A remote code execution issue was discovered, which can be triggered by a crafted packet via the function sub 12168. Recommendations: For versions...
PT-2022-18341 · Inhand Networks · Inrouter 900 Industrial 4G Router
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 900 Industrial 4G Router versions prior to 1.0.0.r11700 Description: A remote code execution issue was discovered in the get cgi from memory component. This issue can be triggered by a crafted packet, allowing for...
CVE-2021-38470
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...
CVE-2021-38484
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scriptin...
CVE-2021-38476
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts...
CVE-2021-38468
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...
CVE-2021-38478
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...
CVE-2021-38474
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. Th...
CVE-2021-38472
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform...
CVE-2021-38486
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to...
CVE-2021-38482
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system...
CVE-2021-38484
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scriptin...
CVE-2021-38480
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...
CVE-2021-38476
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts...
CVE-2021-38472
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform...
CVE-2021-38468
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...