Filtered by vendor Inhandnetworks Subscriptions
Total 55 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2022-27268 1 Inhandnetworks 2 Inrouter 900, Inrouter 900 Firmware 2024-11-21 9.8 Critical
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the component get_cgi_from_memory. This vulnerability is triggered via a crafted packet.
CVE-2022-27172 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26782 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.
CVE-2022-26781 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.
CVE-2022-26780 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.
CVE-2022-26518 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26510 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 6.5 Medium
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26420 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26085 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
CVE-2022-26075 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26042 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26023 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 6.5 Medium
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26020 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 6.5 Medium
An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
CVE-2022-26007 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 7.2 High
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-26002 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 7.2 High
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
CVE-2022-25995 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 8.8 High
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-25932 1 Inhandnetworks 2 Inrouter302, Inrouter302 Firmware 2024-11-21 9.8 Critical
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.
CVE-2022-25172 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 6.1 Medium
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie.
CVE-2022-24910 1 Inhandnetworks 2 Ir302, Ir302 Firmware 2024-11-21 6.7 Medium
A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2022-21809 1 Inhandnetworks 2 Inrouter302, Inrouter302 Firmware 2024-11-21 8.1 High
A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.