Inhand Networks Inrouter 302 vulnerabilities
5 known vulnerabilities affecting inhand_networks/inrouter_302.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 3, MEDIUM 1
Vulnerabilities
CVE-2023-22600 | P3 | HIGH | CVSS 8.1 | fixed in IR302 V3.5.56 | 2023-01-12
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. They allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. An unauthorized user who knows of an existing topic name could send
nvd
CVE-2023-22598 | P3 | HIGH | CVSS 7.2 | fixed in IR302 V3.5.56 | 2023-01-12
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with privileged access to the local web interface or the cloud account managing the af
nvd
CVE-2023-22599 | P3 | CRITICAL | CVSS 9.1 | fixed in IR302 V3.5.56 | 2023-01-12
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-760: Use of a One-way Hash with a Predictable Salt. They send MQTT credentials in response to HTTP/HTTPS requests from the cloud platform. These credentials are encoded using a hardcoded string into
nvd
CVE-2023-22601 | P3 | HIGH | CVSS 8.6 | fixed in IR302 V3.5.56 | 2023-01-12
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. An unauthorized user could calculate this parameter and use it to gather additional information about ot
nvd
CVE-2023-22597 | P4 | MEDIUM | CVSS 5.9 | fixed in IR302 V3.5.56 | 2023-01-12
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-319: Cleartext Transmission of Sensitive Information. They use an unsecured channel to communicate with the cloud platform by default. An unauthorized user could intercept this communication and steal
nvd