← Back

Ir302 Firmware

ir302_firmware

Vendor: Inhandnetworks • 25 CVEs

CVEs (25)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-38707
1Inhandnetworks
4Ir302 Firmware
Ir305 FirmwareIr315 Firmware+1 more
May 29, 2026
May 28, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can...Show more
A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.Show less
CVE-2026-38704
1Inhandnetworks
4Ir302 Firmware
Ir305 FirmwareIr315 Firmware+1 more
May 29, 2026
May 28, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers...Show more
A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.Show less
CVE-2026-38703
1Inhandnetworks
4Ir302 Firmware
Ir305 FirmwareIr315 Firmware+1 more
May 29, 2026
May 28, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers...Show more
A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.Show less
CVE-2026-38702
1Inhandnetworks
4Ir302 Firmware
Ir305 FirmwareIr315 Firmware+1 more
May 29, 2026
May 28, 2026
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers...Show more
A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR315 firmware V1.0.118, IR615 firmware V1.0.118, and earlier versions. Attackers can exploit this vulnerability to obtain ROOT privileges on remote target devices.Show less
CVE-2022-30543
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
Nov 9, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An atta...Show more
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-29888
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
Nov 9, 2022
N/A· v4
8.1 HIGH· v3
N/A· v2
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can sen...Show more
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.Show less
CVE-2022-29481
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
Nov 9, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker ca...Show more
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-28689
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
Nov 9, 2022
N/A· v4
8.8 HIGH· v3
N/A· v2
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a...Show more
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-26023
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
Nov 9, 2022
N/A· v4
6.5 MEDIUM· v3
N/A· v2
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker c...Show more
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-27172
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can se...Show more
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-26782
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can s...Show more
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.Show less
CVE-2022-26781
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can s...Show more
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.Show less
CVE-2022-26780
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can s...Show more
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.Show less
CVE-2022-26518
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacke...Show more
An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-26510
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of r...Show more
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-26420
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attack...Show more
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-26085
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an...Show more
An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.Show less
CVE-2022-26075
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attack...Show more
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-26042
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send...Show more
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-26020
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
6.5 MEDIUM· v3
4.0 MEDIUM· v2
An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can...Show more
An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.Show less