CVE-2022-21182

CVE-2022-21182 describes a privilege-escalation in InHand Networks InRouter302 (v3.5.4). Talos reports the issue in the router configuration import flow (upload.cgi): a non-privileged user can import a configuration and gain privileged credentials, reflecting CWE-284 (improper access control). CV...

Vulnerability Spotlight: How an attacker could chain several vulnerabilities in an industrial wireless router to gain root access

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Blog by Francesco Benvenuto and Jon Munshaw. Cisco Talos recently discovered several vulnerabilities in InHand Networks’ InRouter302 that could allow an attacker to escalate their privileges on the targeted device from a... This...

InHand Networks InRouter302 操作系统命令注入漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.37 contains an operating system command injection vulnerability that can be exploited by attackers to cause arbitrary command execution...

InHand Networks InRouter302 跨站脚本漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A cross-site scripting vulnerability exists in InHand Networks InRouter302 V3.5.4, which can be exploited by attackers to cause arbitrary Javascript code...

InHand Networks InRouter Series 缓冲区错误漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.4 is vulnerable to an input validation error in the libnvram.so nvramimport function. userdefineprint function in the userdefinetimeoutnvram variable has an incorrect input...

InHand Networks InRouter302 代码问题漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. A file-writing vulnerability exists in the InHand Networks InRouter302 V3.5.4, which can be exploited by attackers to submit special requests to upload malicious files and execute arbitrary code on the application...

InHand Networks InRouter302 缓冲区错误漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A buffer overflow vulnerability exists in InHand Networks InRouter302 version V3.5.4, which stems from the httpd parsepingresult API function A boundary error occurs when handling untrusted input, which can be...

InHand Networks InRouter302 跨站脚本漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. An information disclosure vulnerability exists in InHand Networks InRouter302 V3.5.4, which stems from the lack of the HttpOnly flag in the session cookie, which could be exploited by an attacker to The vulnerabilit...

InHand Networks InRouter302 缓冲区错误漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. The InHand Networks InRouter302 version V3.5.4 is vulnerable to a buffer overflow vulnerability that could be exploited by an attacker to cause remote code execution via a specially crafted network request...

InHand Networks InRouter302操作系统命令注入漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.4 contains an operating system command injection vulnerability that can be exploited by attackers to cause arbitrary command execution...

InHand Networks InRouter Series 信任管理问题漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. An information disclosure vulnerability exists in InHand Networks InRouter302 V3.5.4, which stems from the lack of effective protection of data by the router's configuration export feature. An attacker could exploit...

InHand Networks InRouter302 操作系统命令注入漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.37 contains an operating system command injection vulnerability that can be exploited by attackers to cause arbitrary command execution...

InHand Networks InRouter Series 安全漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. An elevation of privilege vulnerability exists in the InHand Networks InRouter302 V3.5.4 release, which could be exploited by an attacker to cause an increase in privileges via a specially crafted HTTP request...

InHand Networks InRouter302 数据伪造问题漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A firmware update vulnerability exists in the InHand Networks InRouter302 V3.5.37 release, which stems from a lack of valid validation in the iburn firmware checking feature. An attacker could exploit this...

PT-2022-17111 · Inhand Networks · Inrouter302

Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.4 Description: An information disclosure issue exists in the web interface session cookie functionality. The session cookie lacks the HttpOnly flag, making it accessible via JavaScript. This allows an...

PT-2022-18082 · Unknown +1 · Libnvram.So +2

Name of the Vulnerable Software and Affected Versions: InRouter302 version 3.5.4 Description: The issue is related to improper input validation vulnerabilities in the libnvram.so nvram import functionality and the httpd's user define print function. A specially-crafted file can lead to remote cod...

PT-2022-18083 · Unknown · Inrouter302

Name of the Vulnerable Software and Affected Versions: InRouter302 version 3.5.4 Description: The issue is related to improper input validation vulnerabilities in the libnvram.so nvram import functionality and the httpd's user define set item function. A specially-crafted file can lead to remote...

InHand Networks InRouter302 安全漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, U.S.A. A command execution vulnerability exists in InHand Networks InRouter302 version V3.5.4, which can be exploited by attackers to cause arbitrary command execution...

InHand Networks InRouter302 输入验证错误漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version V3.5.4 is vulnerable to an input validation error that originates in the libnvram.so nvramimport function userdefineinit function in the userdefinetimeoutnvram variable has...

InHand Networks InRouter302 操作系统命令注入漏洞

InHand Networks InRouter Series is a series of routers from InHand Networks, Inc. InHand Networks InRouter302 version 3.5.37 contains an operating system command injection vulnerability that could be exploited by an attacker to cause remote code execution with the help of a specially crafted...