cbcvebase.

Inhandnetworks Ir302 Firmware vulnerabilities

25 known vulnerabilities affecting inhandnetworks/ir302_firmware.

Total CVEs
25
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL4HIGH15MEDIUM6

Vulnerabilities

Page 2 of 2
CVE-2022-29481P3MEDIUMCVSS 6.5v3.5.452022-11-09
CVE-2022-29481 [MEDIUM] CWE-489 CVE-2022-29481: A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InR A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26510P3MEDIUMCVSS 6.5v3.5.372022-05-12
CVE-2022-26510 [MEDIUM] CWE-347 CVE-2022-26510: A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-26020P3MEDIUMCVSS 6.5v3.5.372022-05-12
CVE-2022-26020 [MEDIUM] CWE-321 CVE-2022-26020: An information disclosure vulnerability exists in the router configuration export functionality of I An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
nvd
CVE-2022-24910P4MEDIUMCVSS 6.7≤ 3.5.372022-05-12
CVE-2022-24910 [MEDIUM] CWE-120 CVE-2022-24910: A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Ne A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
nvd
CVE-2022-25172P4MEDIUMCVSS 6.1≤ 3.5.42022-05-12
CVE-2022-25172 [MEDIUM] CWE-1004 CVE-2022-25172: An information disclosure vulnerability exists in the web interface session cookie functionality of An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie.
nvd
Inhandnetworks Ir302 Firmware vulnerabilities | cvebase