CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1CVE-2022-27279
https://notcve.org/view.php?id=CVE-2022-27279
10 Apr 2022 — InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. Se ha detectado que InHand Networks InRouter 900 Industrial 4G Router versiones anteriores a 1.0.0.r11700, contenía una lectura de archivos arbitraria por medio de la función sub_177E0 • https://drive.google.com/drive/folders/1MPtl6pGa7GMIT1-jg69YUGSQdVTfbnay?usp=sharing • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-27280
https://notcve.org/view.php?id=CVE-2022-27280
10 Apr 2022 — InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. Se ha detectado que InHand Networks InRouter 900 Industrial 4G Router versiones anteriores a v1.0.0.r11700, contenía una vulnerabilidad de tipo cross-site scripting (XSS) almacenado por medio del parámetro web_exec en el archivo /apply.cgi • https://github.com/wu610777031/IoT_Hunter/blob/main/Inhand%20InRouter%20900%20Industrial%204G%20Router%20%20Vulnerabilities%28XSS%29.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38486 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38486
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870 del router IR615 de InHand Networks permite el autorregistro del producto afectado sin necesidad de crear una cuenta, ... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38478 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38478
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, son vulnerables a que un atacante use una herramienta de traceroute para inyectar comandos en el dispositivo. Esto puede permitir al atacante ejecutar remotamente comandos en nombre del dispositivo • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38480 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38480
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, son vulnerables a un ataque de tipo cross-s... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 16%CPEs: 4EXPL: 0CVE-2021-38484 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38484
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, no cuentan con un filtro o una comprobación de firmas para detectar o evitar una carga de a... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38482 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38482
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, el sitio web usado para controlar el router, es vulnerable a un ataque de tipo cross-site scripting almacenado, que puede permitir a un atacante secuestrar las sesiones de los usuarios conectados al sistema • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38472 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38472
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, el portal de administración no contiene un encabezado X-FRAME-OPTIONS, de la que un atacante puede aprovecharse mediante el envío de un enla... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38476 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38476
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, la respuesta del proceso de autenticación indica y comprueba la existencia de un nombre de usuario. Esto puede permitir a un atacante enumerar diferentes cuentas de usuario • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38462 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38462
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, no aplican una política de contraseñas eficaz. Esto puede permitir a un atacante con credenciales de usuario obtenidas enumerar las contraseñas y hacerse pasar por otro... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-521: Weak Password Requirements •