501 matches found
CVE-2022-29888
InRouter302 InHand Networks vulnerability (CVE-2022-29888) : Cisco Talos reports a leftover debug code in the httpd on port 4444, specifically in upload.cgi (upload.cgi_input/output). A crafted HTTP POST can cause deletion of arbitrary files via manipulation of type/filename, triggered when the p...
CVE-2022-29481
The CVE-2022-29481 issue affects InHand Networks InRouter302 (V3.5.45). TALOS details a leftover debug code in the router’s console nvram function that can be accessed via the device’s telnet/SSHD console after valid credentials are provided. An attacker could use the hidden nvram commands to rea...
CVE-2022-29481
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-29481
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-28689
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-28689
CVE-2022-28689 affects InHand Networks InRouter302 (v3.5.45). Talos reports a console debug leftover that allows arbitrary command execution when an attacker issues a crafted sequence of requests to the device’s console, enabling a hidden or legacy command path (e.g., a leftover “support” functio...
CVE-2022-28689
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26023
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26023
The InHand Networks InRouter302 (version 3.5.45) is affected by TALOS-2022-1520: a leftover debug code vulnerability in the console verify function that can disable firmware signature verification. Attackers can trigger this via a crafted sequence of requests or using the console verify command (...
CVE-2022-26023
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-25932
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability...
CVE-2022-25932
CVE-2022-25932 affects InHand Networks InRouter302 (v3.5.45). Talos reports that fixes for TALOS-2022-1472 and TALOS-2022-1474 were not effective, leaving a privilege escalation and an information disclosure vulnerability in the device. Vendor patching was issued around 2022-10-25, but evidence i...
CVE-2022-25932
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability...
PT-2022-19894 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality. This allows an attacker to send a specially-crafted HTTP request, potentially leading to...
PT-2022-17610 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: The issue affects the firmware of InHand Networks InRouter302, where fixes for certain vulnerabilities are incomplete, allowing an attacker to perform a privilege escalation and an...
Vulnerability Spotlight: Vulnerabilities in InHand router could give attackers access to console, delete files
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in InHand Networks InRouter302 that could allow an attacker to access the routers console and make changes to the routers settings, including security protocols. The InRout...
InHand Networks InRouter302 安全漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the httpd port 4444 upload.cgi function...
InHand Networks InRouter302 安全漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the console support feature...
InHand Networks InRouter302 安全漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the console infct function...
InHand Networks InRouter302 安全漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks, Inc. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the console nvram function...