Filtered by vendor Inhandnetworks
Subscribe
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-30543 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | N/A | 8.8 HIGH |
| A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-29481 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | N/A | 6.5 MEDIUM |
| A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-28689 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | N/A | 8.8 HIGH |
| A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-29888 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | N/A | 8.1 HIGH |
| A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-26023 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | N/A | 6.5 MEDIUM |
| A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26518 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-27273 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12168. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-26075 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-27172 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-27272 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_1791C. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-27279 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. | |||||
| CVE-2022-26782 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-27274 | 1 Inhandnetworks | 2 Inrouter 900, Inrouter 900 Firmware | 2024-02-04 | 7.5 HIGH | 9.8 CRITICAL |
| InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_12028. This vulnerability is triggered via a crafted packet. | |||||
| CVE-2022-26085 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | |||||
| CVE-2022-24910 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 4.6 MEDIUM | 6.7 MEDIUM |
| A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-26781 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. | |||||
| CVE-2022-21182 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2024-02-04 | 6.5 MEDIUM | 8.8 HIGH |
| A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2022-21809 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2024-02-04 | 5.5 MEDIUM | 8.1 HIGH |
| A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. | |||||
| CVE-2022-25995 | 1 Inhandnetworks | 2 Ir302, Ir302 Firmware | 2024-02-04 | 9.0 HIGH | 8.8 HIGH |
| A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. | |||||
| CVE-2022-21238 | 1 Inhandnetworks | 2 Inrouter302, Inrouter302 Firmware | 2024-02-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. | |||||