Inhandnetworks

Inrouter302 Firmware

9 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.9

CVE-2023-22597

  • EPSS 0.24%
  • Veröffentlicht 12.01.2023 23:15:10
  • Zuletzt bearbeitet 21.11.2024 07:45:01

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate...

7.2

CVE-2023-22598

  • EPSS 0.44%
  • Veröffentlicht 12.01.2023 23:15:10
  • Zuletzt bearbeitet 21.11.2024 07:45:02

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). ...

9.1

CVE-2023-22599

  • EPSS 0.15%
  • Veröffentlicht 12.01.2023 23:15:10
  • Zuletzt bearbeitet 21.11.2024 07:45:02

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They  send MQTT credentials in response to HT...

8.1

CVE-2023-22600

  • EPSS 0.12%
  • Veröffentlicht 12.01.2023 23:15:10
  • Zuletzt bearbeitet 21.11.2024 07:45:02

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on th...

8.6

CVE-2023-22601

  • EPSS 0.15%
  • Veröffentlicht 12.01.2023 23:15:10
  • Zuletzt bearbeitet 21.11.2024 07:45:02

InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters....

9.8

CVE-2022-25932

  • EPSS 0.49%
  • Veröffentlicht 09.11.2022 18:15:13
  • Zuletzt bearbeitet 21.11.2024 06:53:14

The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.

6.1

CVE-2022-21238

Exploit
  • EPSS 2.03%
  • Veröffentlicht 12.05.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:44:10

A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this v...

8.1

CVE-2022-21809

Exploit
  • EPSS 1.42%
  • Veröffentlicht 12.05.2022 17:15:10
  • Zuletzt bearbeitet 21.11.2024 06:45:28

A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.

8.8

CVE-2022-21182

Exploit
  • EPSS 0.31%
  • Veröffentlicht 12.05.2022 17:15:09
  • Zuletzt bearbeitet 21.11.2024 06:44:03

A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger thi...