501 matches found
CVE-2022-26007
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26002
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability...
CVE-2022-26002
InHand Networks InRouter302 (V3.5.4) is affected by TALOS-2022-1476: a stack-based buffer overflow in the console factory functionality. The flaw occurs in the factory command path: if the first token is iwpriv, the second token is embedded into a fixed-size command buffer (128 bytes) via sprintf...
CVE-2022-26002
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability...
CVE-2022-25995
CVE-2022-25995 affects InHand Networks InRouter302 (V3.5.4) in the console inhand functionality. Talos details a vulnerability where the inhand command decrypts a hard-coded string, compares it to a password, and if matched, spawns a /bin/sh via execl, enabling arbitrary command execution. The ex...
CVE-2022-25995
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-25995
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-25172
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the sessi...
CVE-2022-25172
The CVE-2022-25172 issue affects InHand Networks InRouter302 (v3.5.4): the web interface session cookie is missing the HttpOnly flag, enabling JavaScript access and exposing the session cookie via XSS. TALOS details confirm this information disclosure vulnerability and show tested version 3.5.4; ...
CVE-2022-25172
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the sessi...
CVE-2022-24910
A buffer overflow vulnerability exists in the httpd parsepingresult API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-24910
A buffer overflow vulnerability exists in the httpd parsepingresult API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-24910
InRouter302 (InHand Networks) V3.5.4 contains a buffer overflow in the httpd parse_ping_result API. TALOS-2022-1471 shows that if an attacker manipulates /tmp/ping_result.txt (via the apply.cgi PING_Test path on port 4444), the code path reads long lines and uses sscanf into small buffers, enabli...
CVE-2022-21809
A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability...
CVE-2022-21809
CVE-2022-21809 affects InHand Networks InRouter302 (V3.5.4). TALOS-2022-1468 documents a file-write vulnerability in the httpd upload.cgi endpoint: an attacker can upload arbitrary files by crafting a POST to upload.cgi, potentially leading to remote code execution. The flaw stems from how upload...
CVE-2022-21809
A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability...
CVE-2022-21238
The CVE-2022-21238 issue affects InHand Networks InRouter302 (V3.5.4). TALOS reports describe a cross-site scripting (XSS) vulnerability in the web server’s info.jsp endpoint, where input is injected via the _resmsg parameter and evaluated, allowing arbitrary Javascript execution when accessed by...
CVE-2022-21238
A cross-site scripting xss vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-21238
A cross-site scripting xss vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2022-21182
A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability...