Inhandnetworks Ir302 Firmware vulnerabilities
25 known vulnerabilities affecting inhandnetworks/ir302_firmware.
Total CVEs
25
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH15MEDIUM6
Vulnerabilities
Page 1 of 2
CVE-2022-26085P2HIGHCVSS 8.8v3.5.372022-05-12
CVE-2022-26085 [HIGH] CWE-77 CVE-2022-26085: An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Network
An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
nvd
CVE-2022-26042P2HIGHCVSS 8.8v3.5.372022-05-12
CVE-2022-26042 [HIGH] CWE-77 CVE-2022-26042: An OS command injection vulnerability exists in the daretools binary functionality of InHand Network
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2026-38704P2CRITICALCVSS 9.8fixed in 3.5.1122026-05-28
CVE-2026-38704 [CRITICAL] CWE-77 CVE-2026-38704: A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmw
A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.
nvd
CVE-2026-38707P2CRITICALCVSS 9.8fixed in 3.5.1122026-05-28
CVE-2026-38707 [CRITICAL] CWE-77 CVE-2026-38707: A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware
A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.
nvd
CVE-2026-38703P2CRITICALCVSS 9.8fixed in 3.5.1122026-05-28
CVE-2026-38703 [CRITICAL] CWE-77 CVE-2026-38703: A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmwa
A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.
nvd
CVE-2026-38702P2CRITICALCVSS 9.8fixed in 3.5.1122026-05-28
CVE-2026-38702 [CRITICAL] CWE-77 CVE-2026-38702: A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmwa
A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.
nvd
CVE-2022-26420P2HIGHCVSS 8.8v3.5.372022-05-12
CVE-2022-26420 [HIGH] CWE-78 CVE-2022-26420: An OS command injection vulnerability exists in the console infactory_port functionality of InHand N
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26075P2HIGHCVSS 8.8v3.5.372022-05-12
CVE-2022-26075 [HIGH] CWE-78 CVE-2022-26075: An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand N
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26518P2HIGHCVSS 8.8v3.5.372022-05-12
CVE-2022-26518 [HIGH] CWE-78 CVE-2022-26518: An OS command injection vulnerability exists in the console infactory_net functionality of InHand Ne
An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26782P2HIGHCVSS 8.8≤ 3.5.372022-05-12
CVE-2022-26782 [HIGH] CWE-20 CVE-2022-26782: Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functional
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_defi
nvd
CVE-2022-26780P2HIGHCVSS 8.8≤ 3.5.372022-05-12
CVE-2022-26780 [HIGH] CWE-20 CVE-2022-26780: Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functional
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_defi
nvd
CVE-2022-26781P3HIGHCVSS 8.8≤ 3.5.372022-05-12
CVE-2022-26781 [HIGH] CWE-20 CVE-2022-26781: Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functional
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_defi
nvd
CVE-2022-25995P2HIGHCVSS 8.8v3.5.42022-05-12
CVE-2022-25995 [HIGH] CWE-489 CVE-2022-25995: A command execution vulnerability exists in the console inhand functionality of InHand Networks InRo
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-28689P3HIGHCVSS 8.8v3.5.452022-11-09
CVE-2022-28689 [HIGH] CWE-489 CVE-2022-28689: A leftover debug code vulnerability exists in the console support functionality of InHand Networks I
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-27172P3HIGHCVSS 8.8≤ 3.5.372022-05-12
CVE-2022-27172 [HIGH] CWE-259 CVE-2022-27172: A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-30543P3HIGHCVSS 8.8v3.5.452022-11-09
CVE-2022-30543 [HIGH] CWE-489 CVE-2022-30543: A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InR
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26007P3HIGHCVSS 7.2v3.5.42022-05-12
CVE-2022-26007 [HIGH] CWE-77 CVE-2022-26007: An OS command injection vulnerability exists in the console factory functionality of InHand Networks
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26002P3HIGHCVSS 7.2v3.5.42022-05-12
CVE-2022-26002 [HIGH] CWE-121 CVE-2022-26002: A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Ne
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
nvd
CVE-2022-29888P3HIGHCVSS 8.1v3.5.452022-11-09
CVE-2022-29888 [HIGH] CWE-489 CVE-2022-29888: A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-26023P3MEDIUMCVSS 6.5v3.5.452022-11-09
CVE-2022-26023 [MEDIUM] CWE-489 CVE-2022-26023: A leftover debug code vulnerability exists in the console verify functionality of InHand Networks In
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
1 / 2Next →