501 matches found
PT-2023-1274 · Inhand Networks · Inrouter302 +1
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to the use of a one-way hash with a predictable salt, allowing an...
PT-2023-1275 · Inhand Networks · Inrouter302 +1
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter 302 versions prior to IR302 V3.5.56 InHand Networks InRouter 615 versions prior to InRouter6XX-S-V2.3.0.r5542 Description: The issue is related to the use of an unsecured channel for data transmission by default, whic...
InHand Networks InRouter 900 Industrial 4G Router Command Injection (CVE-2022-27268; CVE-2022-27273; CVE-2022-27275; CVE-2022-27276)
A command injection vulnerability exists in InHand Networks InRouter 900 Industrial 4G Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
CVE-2022-29888
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-30543
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-29481
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-30543
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-28689
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-25932
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability...
CVE-2022-26023
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
Code injection
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability...
Information disclosure
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability...
Code injection
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
Code injection
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
Code injection
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
Design/Logic Flaw
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-30543
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-30543
CVE-2022-30543 affects InHand Networks InRouter302 (V3.5.45). TALOS-2022-1519 documents a leftover debug code vulnerability in the console infct feature that, with specially crafted requests, can lead to execution of privileged operations. The InRouter302 exposes telnet/sshd for console access, a...
CVE-2022-30543
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-29888
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability...