240 matches found
CVE-2022-28689
CVE-2022-28689 affects InHand Networks InRouter302 (v3.5.45). Talos reports a console debug leftover that allows arbitrary command execution when an attacker issues a crafted sequence of requests to the device’s console, enabling a hidden or legacy command path (e.g., a leftover “support” functio...
CVE-2022-28689
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-28689
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26023
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-26023
The InHand Networks InRouter302 (version 3.5.45) is affected by TALOS-2022-1520: a leftover debug code vulnerability in the console verify function that can disable firmware signature verification. Attackers can trigger this via a crafted sequence of requests or using the console verify command (...
CVE-2022-26023
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability...
CVE-2022-25932
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability...
CVE-2022-25932
CVE-2022-25932 affects InHand Networks InRouter302 (v3.5.45). Talos reports that fixes for TALOS-2022-1472 and TALOS-2022-1474 were not effective, leaving a privilege escalation and an information disclosure vulnerability in the device. Vendor patching was issued around 2022-10-25, but evidence i...
CVE-2022-25932
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability...
PT-2022-20167 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the console infct functionality. This vulnerability can be triggered by a specially-crafted series of network requests, leading to the...
PT-2022-19894 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality. This allows an attacker to send a specially-crafted HTTP request, potentially leading to...
PT-2022-19169 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the console support functionality. This vulnerability can be triggered by a specially-crafted network request, leading to arbitrary command...
PT-2022-19646 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the console nvram functionality. This issue can be triggered by a specially-crafted series of network requests, leading to the disabling of...
PT-2022-17636 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the console verify functionality. This vulnerability can be triggered by a specially-crafted series of network requests, leading to the...
PT-2022-17610 · Inhand Networks · Inrouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: The issue affects the firmware of InHand Networks InRouter302, where fixes for certain vulnerabilities are incomplete, allowing an attacker to perform a privilege escalation and an...
Vulnerability Spotlight: Vulnerabilities in InHand router could give attackers access to console, delete files
Francesco Benvenuto of Cisco Talos discovered these vulnerabilities. Cisco Talos recently discovered several vulnerabilities in InHand Networks InRouter302 that could allow an attacker to access the routers console and make changes to the routers settings, including security protocols. The InRout...
InHand Networks InRouter302 安全漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the httpd port 4444 upload.cgi function...
InHand Networks InRouter302 访问控制错误漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. An access control error vulnerability exists in InHand Networks InRouter302 version V3.5.45. An attacker could exploit this vulnerability to escalate privilege escalation and cause information disclosure...
InHand Networks InRouter302 安全漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the console support feature...
InHand Networks InRouter302 安全漏洞
The InHand Networks InRouter302 is an LTE cellular router from InHand Networks USA. A security vulnerability exists in the InHand Networks InRouter302 version V3.5.45, which stems from a remaining debug code vulnerability in the console infct function...