Inhand Networks Inrouter302 vulnerabilities
25 known vulnerabilities affecting inhand_networks/inrouter302.
Total CVEs
25
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH17MEDIUM7
Vulnerabilities
Page 1 of 2
CVE-2022-26085P2HIGHCVSS 8.8vV3.5.42022-05-12
CVE-2022-26085 [HIGH] CWE-77 CVE-2022-26085: An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Network
An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2022-26042P2HIGHCVSS 8.8vV3.5.42022-05-12
CVE-2022-26042 [HIGH] CWE-77 CVE-2022-26042: An OS command injection vulnerability exists in the daretools binary functionality of InHand Network
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26420P2HIGHCVSS 8.8vV3.5.372022-05-12
CVE-2022-26420 [HIGH] CWE-78 CVE-2022-26420: An OS command injection vulnerability exists in the console infactory_port functionality of InHand N
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26075P2HIGHCVSS 8.8vV3.5.372022-05-12
CVE-2022-26075 [HIGH] CWE-78 CVE-2022-26075: An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand N
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26518P2HIGHCVSS 8.8vV3.5.372022-05-12
CVE-2022-26518 [HIGH] CWE-78 CVE-2022-26518: An OS command injection vulnerability exists in the console infactory_net functionality of InHand Ne
An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26782P2HIGHCVSS 8.8vV3.5.42022-05-12
CVE-2022-26782 [HIGH] CWE-20 CVE-2022-26782: Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functional
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_defi
nvd
CVE-2022-26780P2HIGHCVSS 8.8vV3.5.42022-05-12
CVE-2022-26780 [HIGH] CWE-20 CVE-2022-26780: Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functional
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_defi
nvd
CVE-2022-26781P3HIGHCVSS 8.8vV3.5.42022-05-12
CVE-2022-26781 [HIGH] CWE-20 CVE-2022-26781: Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functional
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_defi
nvd
CVE-2022-25995P2HIGHCVSS 8.8vV3.5.42022-05-12
CVE-2022-25995 [HIGH] CWE-489 CVE-2022-25995: A command execution vulnerability exists in the console inhand functionality of InHand Networks InRo
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-28689P3HIGHCVSS 8.8vV3.5.452022-11-09
CVE-2022-28689 [HIGH] CWE-489 CVE-2022-28689: A leftover debug code vulnerability exists in the console support functionality of InHand Networks I
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-21182P3HIGHCVSS 8.8vV3.5.42022-05-12
CVE-2022-21182 [HIGH] CWE-284 CVE-2022-21182: A privilege escalation vulnerability exists in the router configuration import functionality of InHa
A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-27172P3HIGHCVSS 8.8vV3.5.372022-05-12
CVE-2022-27172 [HIGH] CWE-259 CVE-2022-27172: A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-30543P3HIGHCVSS 8.8vV3.5.452022-11-09
CVE-2022-30543 [HIGH] CWE-489 CVE-2022-30543: A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InR
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26007P3HIGHCVSS 7.2vV3.5.42022-05-12
CVE-2022-26007 [HIGH] CWE-77 CVE-2022-26007: An OS command injection vulnerability exists in the console factory functionality of InHand Networks
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26002P3HIGHCVSS 7.2vV3.5.42022-05-12
CVE-2022-26002 [HIGH] CWE-121 CVE-2022-26002: A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Ne
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
nvd
CVE-2022-21809P3HIGHCVSS 8.1vV3.5.42022-05-12
CVE-2022-21809 [HIGH] CWE-377 CVE-2022-21809: A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter3
A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability.
nvd
CVE-2022-29888P3HIGHCVSS 8.1vV3.5.452022-11-09
CVE-2022-29888 [HIGH] CWE-489 CVE-2022-29888: A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-25932P3CRITICALCVSS 9.8vV3.5.452022-11-09
CVE-2022-25932 [CRITICAL] CWE-284 CVE-2022-25932: The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2
The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure vulnerability.
nvd
CVE-2022-26023P3MEDIUMCVSS 6.5vV3.5.452022-11-09
CVE-2022-26023 [MEDIUM] CWE-489 CVE-2022-26023: A leftover debug code vulnerability exists in the console verify functionality of InHand Networks In
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-29481P3MEDIUMCVSS 6.5vV3.5.452022-11-09
CVE-2022-29481 [MEDIUM] CWE-489 CVE-2022-29481: A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InR
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
1 / 2Next →