Inrouter302 Firmware@* Security Vulnerabilities and Issues — Inrouter302 Firmware@* CVE List

Lucene search

InhandnetworksInrouter302 Firmware*

9 matches found

CVE•added 2022/05/12 5:15 p.m.•64 views

CVE-2022-21809

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.

9.9CVSS8AI score0.01464EPSS

CVE•added 2022/05/12 5:15 p.m.•58 views

CVE-2022-21182

A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.

8.8CVSS8.8AI score0.00322EPSS

CVE•added 2022/11/09 6:15 p.m.•58 views

CVE-2022-25932

The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.

9.8CVSS9.2AI score0.00148EPSS

CVE•added 2022/05/12 5:15 p.m.•52 views

CVE-2022-21238

A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.

6.1CVSS6.3AI score0.02031EPSS

CVE•added 2023/01/12 11:15 p.m.•46 views

CVE-2023-22601

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this paramet...

10CVSS8.4AI score0.00116EPSS

CVE•added 2023/01/12 11:15 p.m.•45 views

CVE-2023-22600

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthori...

10CVSS7.2AI score0.00128EPSS

CVE•added 2023/01/12 11:15 p.m.•44 views

CVE-2023-22598

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with privileged access to the l...

7.2CVSS7.8AI score0.00427EPSS

CVE•added 2023/01/12 11:15 p.m.•39 views

CVE-2023-22597

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthoriz...

6.5CVSS5.9AI score0.00077EPSS

CVE•added 2023/01/12 11:15 p.m.•34 views

CVE-2023-22599

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These cre...

9.1CVSS9.1AI score0.00041EPSS