CVE-2022-21182
CVE-2022-21182 describes a privilege escalation in InHand Networks InRouter302 (v3.5.4). Talos reports the issue in the router configuration import flow (upload.cgi): a non-privileged user can import a configuration and gain privileged credentials, reflecting CWE-284 (improper access control). CV...
CVE-2022-21182
A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability...
Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Francesco Benvenuto and Jon Munshaw. Cisco Talos recently discovered several vulnerabilities in InHand Networks’ InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a... This...
InHand Networks InRouter302 OS Command Injection Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.37 contains an operating system command injection vulnerability that can be exploited by attackers to cause arbitrary command execution...
InHand Networks InRouter302 Cross-Site Scripting Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A cross-site scripting vulnerability exists in InHand Networks InRouter302 V3.5.4, which can be exploited by attackers to cause arbitrary JavaScript code...
InHand Networks InRouter302 Code Issue Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. A file-writing vulnerability exists in the InHand Networks InRouter302 V3.5.4, which can be exploited by attackers to submit special requests to upload malicious files and execute arbitrary code on the application...
InHand Networks InRouter302 Buffer Error Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A buffer overflow vulnerability exists in InHand Networks InRouter302 version V3.5.4, which stems from the httpd parsepingresult API function. A boundary error occurs when handling untrusted input, which can be...
InHand Networks InRouter Series Buffer Error Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 V3.5.4 is vulnerable to an input validation error that can be exploited by attackers to cause remote code execution via specially crafted files...
InHand Networks InRouter Series Security Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. An elevation of privilege vulnerability exists in the InHand Networks InRouter302 V3.5.4 release, which could be exploited by an attacker to cause an increase in privileges via a specially crafted HTTP request...
InHand Networks InRouter302 Security Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A command execution vulnerability exists in InHand Networks InRouter302 version V3.5.4, which can be exploited by attackers to cause arbitrary command execution...
InHand Networks InRouter302 OS Command Injection Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.37 contains an operating system command injection vulnerability that could be exploited by an attacker to cause remote code execution with the help of a specially crafted...
InHand Networks InRouter Series OS Command Injection Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.4 has an operating system command injection vulnerability that can be exploited by attackers to execute arbitrary commands with the help of specially crafted network requests...
PT-2022-6204 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.4 Description: An information disclosure issue exists in the router configuration export functionality. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP...
InHand Networks InRouter Series OS Command Injection Vulnerability
InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.4 has an operating system command injection vulnerability that could be exploited by an attacker to execute arbitrary commands with the help of specially crafted network...
PT-2022-6201 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.4 Description: The issue is related to inadequate access control in the software of InHand Networks InRouter302 routers. It allows a remote attacker to execute arbitrary commands and escalate privileges...
InHand Networks InRouter302 console infactory_port OS command injection vulnerability
Summary: An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Test...
InHand Networks InRouter302 router configuration import privilege escalation vulnerability
Summary: A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions: InHand...
InHand Networks InRouter302 web interface session cookie information disclosure vulnerability
Summary: An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal t...
InHand Networks InRouter302 libnvram.so nvram_import improper input validation vulnerabilities
Summary: Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested...
InHand Networks InRouter302 console inhand command execution vulnerability
Summary: A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Tested Versions: InHan...