← Back

Ir302 Firmware

ir302_firmware

Vendor: Inhandnetworks • 25 CVEs

CVEs (25)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-26007
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
7.2 HIGH· v3
9.0 HIGH· v2
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence...Show more
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-26002
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
7.2 HIGH· v3
6.5 MEDIUM· v2
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a...Show more
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.Show less
CVE-2022-25995
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
8.8 HIGH· v3
9.0 HIGH· v2
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequ...Show more
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less
CVE-2022-25172
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and...Show more
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie.Show less
CVE-2022-24910
1Inhandnetworks
1Ir302 Firmware
Nov 21, 2024
May 12, 2022
N/A· v4
6.7 MEDIUM· v3
4.6 MEDIUM· v2
A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence o...Show more
A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.Show less