CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26042
https://notcve.org/view.php?id=CVE-2022-26042
12 May 2022 — An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad daretools binary de InHand Networks InRouter302 versión V3.5.4. Una petición de red especialmente diseñada puede conllevar a una ejecución d... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1478 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26020
https://notcve.org/view.php?id=CVE-2022-26020
12 May 2022 — An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad router configuration export de InHand Networks InRouter302 versión V3.5.4. Una petición de red especialmente diseñada puede conllevar a un aumento de privileg... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1474 • CWE-321: Use of Hard-coded Cryptographic Key CWE-798: Use of Hard-coded Credentials •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26007
https://notcve.org/view.php?id=CVE-2022-26007
12 May 2022 — An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad console factory de InHand Networks InRouter302 versión V3.5.4. Una petición de red especialmente diseñada puede conllevar a una ejecución de un comando... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1475 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26002
https://notcve.org/view.php?id=CVE-2022-26002
12 May 2022 — A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la región stack de la memoria en la funcionalidad console factory de InHand Networks InRouter302 versión V3.5.4. Una petición de red especialmente diseñada puede conllev... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1476 • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25995
https://notcve.org/view.php?id=CVE-2022-25995
12 May 2022 — A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de ejecución de comandos en la funcionalidad console inhand de InHand Networks InRouter302 versión V3.5.4. Una petición de red especialmente diseñada puede conllevar a una ejecución de un comando arbitrario. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477 • CWE-489: Active Debug Code •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-25172
https://notcve.org/view.php?id=CVE-2022-25172
12 May 2022 — An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie. Se presenta una vulnerabilidad de divulgación de información en la funcionalidad web interface session cookie de InHand Networks InRouter302 versión V3.5.4. La cookie de sesión carece del flag HttpOnly, h... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1470 • CWE-732: Incorrect Permission Assignment for Critical Resource CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag •
CVSS: 8.2EPSS: 0%CPEs: 2EXPL: 1CVE-2022-24910
https://notcve.org/view.php?id=CVE-2022-24910
12 May 2022 — A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de desbordamiento de búfer en la funcionalidad de la API httpd parse_ping_result de InHand Networks InRouter302 versión V3.5.4. Un archivo especialmente diseñado puede conllevar a una ejecución de código remota. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1471 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-21809
https://notcve.org/view.php?id=CVE-2022-21809
12 May 2022 — A file write vulnerability exists in the httpd upload.cgi functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary file upload. An attacker can upload a malicious file to trigger this vulnerability. Se presenta una vulnerabilidad de escritura de archivos en la funcionalidad httpd upload.cgi de InHand Networks InRouter302 versión V3.5.4. Una petición HTTP especialmente diseñada puede conllevar a una carga de archivos arbitraria. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1468 • CWE-377: Insecure Temporary File CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 1CVE-2022-21238
https://notcve.org/view.php?id=CVE-2022-21238
12 May 2022 — A cross-site scripting (xss) vulnerability exists in the info.jsp functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de tipo cross-site scripting (xss) en la funcionalidad info.jsp de InHand Networks InRouter302 versión V3.5.4. Una petición HTTP especialmente diseñada puede conllevar a una ejecución arbitraria de Javascript. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1469 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-21182
https://notcve.org/view.php?id=CVE-2022-21182
12 May 2022 — A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de escalada de privilegios en la funcionalidad router configuration import de InHand Networks InRouter302 versión V3.5.4. Una petición HTTP especialmente diseñada puede conllevar a un aumento de privilegios. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1472 • CWE-284: Improper Access Control •