501 matches found
CVE-2022-27269
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the component configovpn. This vulnerability is triggered via a crafted packet...
CVE-2022-27268
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the component getcgifrommemory. This vulnerability is triggered via a crafted packet...
CVE-2022-27273
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution RCE vulnerability via the function sub12168. This vulnerability is triggered via a crafted packet...
The vulnerability of InHand Networks InRouter 302 and InRouter 615’s microprogramming software, which stems from the use of insufficiently random values, allows attackers to execute arbitrary code.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of insufficiently random values. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using the MQTT ClientID parameter...
Industrial Cellular Routers at Risk: 11 New Vulnerabilities Expose OT Networks
Several security vulnerabilities have been disclosed in cloud management platforms associated with three industrial cellular router vendors that could expose operational technology OT networks to external attacks. The findings were presented by Israeli industrial cybersecurity firm OTORIO at the...
The vulnerability of InHand Networks InRouter 302 and InRouter 615’s microprogramming software, related to deficiencies in access control, allows attackers to execute arbitrary commands.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the lack of access control mechanisms. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the info.jsp component of InHand Networks’ InRouter302 microprogramming system allows attackers to execute cross-site scripting attacks.
The vulnerability of the info.jsp component of InHand Networks InRouter302 microprogramming system lies in the insufficient protection of the web page structure. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created web page...
The vulnerability of InHand Networks InRouter302’s microprogramming software arises from the failure to take measures to neutralize the special elements used in the operating system command set. This vulnerability allows a perpetrator to execute arbitrary commands.
The vulnerability of InHand Networks InRouter302 microprogramming software exists due to the lack of measures taken to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of the microprogrammed software consoles of InHand Networks’ InRouter302, due to security flaws in their mechanisms, allows attackers to execute arbitrary code or perform arbitrary commands.
The vulnerability of the microprogrammed software-based routers from InHand Networks, InRouter302, is related to deficiencies in security mechanisms. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform arbitrary commands using a specially created request...
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
The U.S. Cybersecurity and Infrastructure Security Agency CISA has released several Industrial Control Systems ICS advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
The U.S. Cybersecurity and Infrastructure Security Agency CISA has released several Industrial Control Systems ICS advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...
CVE-2023-22601
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...
CVE-2023-22598
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'. An unauthorized user with privileged access to the...
CVE-2023-22599
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...
CVE-2023-22601
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...
Command injection
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An...
Command injection
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'. An unauthorized user with privileged access to the...
Design/Logic Flaw
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...
CVE-2023-22601
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...
CVE-2023-22601
CVE-2023-22601 affects InHand Networks InRouter302 (pre V3.5.56) and InRouter615 (pre InRouter6XX-S-V2.3.0.r5542). It is CWE-330: Use of Insufficiently Random Values due to improper randomization of MQTT ClientID parameters, enabling an unauthorized user to gather information about other devices ...