29 matches found
EUVD-2023-26737
Malicious code in bioql PyPI...
EUVD-2023-26736
Malicious code in bioql PyPI...
EUVD-2023-26738
Malicious code in bioql PyPI...
CVE-2023-22599
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of an unencrypted data transmission channel by default. This allows attackers to gain unauthorized access to protected information or execute arbitrary commands.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of an unencrypted data transmission channel by default. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to protected information or execute arbitrary...
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of one-way hashing with predictable random data. This allows attackers to gain unauthorized access to protected information.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the use of one-way hashing with predictable random data. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information by sending...
The vulnerability of InHand Networks InRouter 302 and InRouter 615’s microprogramming software, related to deficiencies in access control, allows attackers to execute arbitrary commands.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 microprogrammed software lies in the lack of access control mechanisms. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...
The vulnerability of Microprogrammed Software for InHand Networks’ InRouter 302 and InRouter 615 routers arises from the failure to take measures to neutralize special elements used in the operating system command. This vulnerability allows a perpetrator to execute arbitrary code.
The vulnerability of InHand Networks InRouter 302 and InRouter 615 lies in the lack of measures taken to neutralize special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges by sending a specially...
CISA Warns of Flaws Affecting Industrial Control Systems from Major Manufacturers
The U.S. Cybersecurity and Infrastructure Security Agency CISA has released several Industrial Control Systems ICS advisories warning of critical security flaws affecting products from Sewio, InHand Networks, Sauter Controls, and Siemens. The most severe of the flaws relate to Sewio's RTLS Studio...
CVE-2023-22598
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'. An unauthorized user with privileged access to the...
CVE-2023-22599
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...
CVE-2023-22600
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An...
CVE-2023-22597
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An...
Design/Logic Flaw
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...
Command injection
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection'. An unauthorized user with privileged access to the...
Command injection
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An...
CVE-2023-22601
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...
CVE-2023-22601
CVE-2023-22601 affects InHand Networks InRouter302 (pre V3.5.56) and InRouter615 (pre InRouter6XX-S-V2.3.0.r5542). It is CWE-330: Use of Insufficiently Random Values due to improper randomization of MQTT ClientID parameters, enabling an unauthorized user to gather information about other devices ...
CVE-2023-22600
Summary (CVE-2023-22600) InHand Networks InRouter 302 (pre-IR302 V3.5.56) and InRouter 615 (pre-InRouter6XX-S-V2.3.0.r5542) are affected by CWE-284: Improper Access Control. An unauthenticated device on the same network can subscribe to MQTT topics on the device manager network, and an attacker w...
CVE-2023-22600
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An...