Inhandnetworks Security Vulnerabilities

CVE-2022-27275

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_122D0. This vulnerability is triggered via a crafted...

9.8CVSS

9.7AI Score

0.008EPSS

2022-04-10 09:15 PM

CVE-2022-27279

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function...

7.5CVSS

7.5AI Score

0.002EPSS

2022-04-10 09:15 PM

CVE-2022-27269

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component config_ovpn. This vulnerability is triggered via a crafted...

9.8CVSS

9.7AI Score

0.008EPSS

2022-04-10 09:15 PM

CVE-2022-27274

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted...

9.8CVSS

9.7AI Score

0.008EPSS

2022-04-10 09:15 PM

CVE-2022-27272

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted...

9.8CVSS

9.7AI Score

0.008EPSS

2022-04-10 09:15 PM

CVE-2022-27270

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component ipsec_secrets. This vulnerability is triggered via a crafted...

9.8CVSS

9.7AI Score

0.008EPSS

2022-04-10 09:15 PM

CVE-2022-27277

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function...

9.1CVSS

9.2AI Score

0.001EPSS

2022-04-10 09:15 PM

CVE-2022-27273

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted...

9.8CVSS

9.7AI Score

0.008EPSS

2022-04-10 09:15 PM

CVE-2022-27276

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. This vulnerability is triggered via a crafted...

9.8CVSS

9.7AI Score

0.008EPSS

2022-04-10 09:15 PM

CVE-2022-27271

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component python-lib. This vulnerability is triggered via a crafted...

9.8CVSS

9.7AI Score

0.008EPSS

2022-04-10 09:15 PM

CVE-2022-27280

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at...

5.4CVSS

5.3AI Score

0.001EPSS

2022-04-10 09:15 PM

CVE-2022-27268

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted...

9.8CVSS

9.7AI Score

0.008EPSS

2022-04-10 09:15 PM

CVE-2023-22597

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An...

6.5CVSS

5.9AI Score

0.001EPSS

2023-01-12 11:15 PM

CVE-2023-22600

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An...

10CVSS

7.2AI Score

0.001EPSS

2023-01-12 11:15 PM

CVE-2023-22598

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with privileged access to...

7.2CVSS

7.8AI Score

0.002EPSS

2023-01-12 11:15 PM

CVE-2023-22601

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this...

10CVSS

8.4AI Score

0.001EPSS

2023-01-12 11:15 PM

CVE-2023-22599

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These...

9.1CVSS

9.1AI Score

0.002EPSS

2023-01-12 11:15 PM

CVE-2022-21182

A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this...

8.8CVSS

8.8AI Score

0.001EPSS

2022-05-12 05:15 PM

CVE-2022-26782

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

8.8CVSS

8.9AI Score

0.005EPSS

2022-05-12 05:15 PM

CVE-2022-26781

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

8.8CVSS

9AI Score

0.005EPSS

2022-05-12 05:15 PM

CVE-2022-26020

An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this...

6.5CVSS

6.3AI Score

0.001EPSS

2022-05-12 05:15 PM

CVE-2022-25172

An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the...

6.1CVSS

6AI Score

0.001EPSS

2022-05-12 05:15 PM

CVE-2022-25932

The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure...

9.8CVSS

9.2AI Score

0.002EPSS

2022-11-09 06:15 PM

CVE-2022-29481

A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this...

6.5CVSS

7.1AI Score

0.001EPSS

2022-11-09 06:15 PM

CVE-2022-28689

A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this...

8.8CVSS

9.1AI Score

0.001EPSS

2022-11-09 06:15 PM

CVE-2022-26023

A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this...

6.5CVSS

7.1AI Score

0.001EPSS

2022-11-09 06:15 PM

CVE-2022-29888

A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this...

8.1CVSS

8.5AI Score

0.001EPSS

2022-11-09 06:15 PM

CVE-2022-30543

A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this...

8.8CVSS

8.8AI Score

0.001EPSS

2022-11-09 06:15 PM

CVE-2021-38486

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to...

8.5CVSS

8.5AI Score

0.001EPSS

2021-10-19 01:15 PM

CVE-2022-27172

A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this...

8.8CVSS

8.6AI Score

0.001EPSS

2022-05-12 05:15 PM

CVE-2022-25995

A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this...

8.8CVSS

8.8AI Score

0.002EPSS

2022-05-12 05:15 PM

CVE-2022-26518

An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

8.8CVSS

9AI Score

0.003EPSS

2022-05-12 05:15 PM

CVE-2022-26042

An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this...

8.8CVSS

8.9AI Score

0.002EPSS

2022-05-12 05:15 PM

CVE-2022-26510

A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this...

6.5CVSS

6.6AI Score

0.0005EPSS

2022-05-12 05:15 PM

CVE-2022-26002

A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this...

7.2CVSS

7.6AI Score

0.003EPSS

2022-05-12 05:15 PM

CVE-2022-21809

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this...

8.1CVSS

8AI Score

0.001EPSS

2022-05-12 05:15 PM

CVE-2022-24910

A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

6.7CVSS

7.3AI Score

0.001EPSS

2022-05-12 05:15 PM

CVE-2022-26075

An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

8.8CVSS

9AI Score

0.003EPSS

2022-05-12 05:15 PM

CVE-2022-26420

An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this...

8.8CVSS

9AI Score

0.003EPSS

2022-05-12 05:15 PM

CVE-2022-26007

An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this...

7.2CVSS

7.3AI Score

0.002EPSS

2022-05-12 05:15 PM

CVE-2022-26780

Multiple improper input validation vulnerabilities exist in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. An improper input...

8.8CVSS

9AI Score

0.005EPSS

2022-05-12 05:15 PM

CVE-2022-21238

A cross-site scripting (XSS) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary JavaScript execution. An attacker can send an HTTP request to trigger this...

6.1CVSS

6.3AI Score

0.005EPSS

2022-05-12 05:15 PM

CVE-2022-26085

An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this...

8.8CVSS

8.8AI Score

0.019EPSS

2022-05-12 05:15 PM

CVE-2021-38468

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the...

8.7CVSS

5AI Score

0.001EPSS

2021-10-19 01:15 PM

CVE-2021-38482

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the...

8.7CVSS

4.9AI Score

0.001EPSS

2021-10-19 01:15 PM

CVE-2021-38476

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user...

6.5CVSS

5.3AI Score

0.001EPSS

2021-10-19 01:15 PM

CVE-2021-38474

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user....

9.8CVSS

9.7AI Score

0.002EPSS

2021-10-19 01:15 PM

CVE-2021-38484

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site...

9.1CVSS

7.2AI Score

0.003EPSS

2021-10-19 01:15 PM

CVE-2021-38470

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the...

9.1CVSS

9.2AI Score

0.001EPSS

2021-10-19 01:15 PM

CVE-2021-38478

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the...

9.1CVSS

9.2AI Score

0.001EPSS

2021-10-19 01:15 PM
Total number of security vulnerabilities: 55