CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-27172
https://notcve.org/view.php?id=CVE-2022-27172
12 May 2022 — A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad en la contraseña embebida en la funcionalidad console infactory de InHand Networks InRouter302 versión V3.5.37. Una petición de red especialmente diseñada puede conllevar a una ejecución de operaciones pr... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1496 • CWE-259: Use of Hard-coded Password CWE-798: Use of Hard-coded Credentials •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26782
https://notcve.org/view.php?id=CVE-2022-26782
12 May 2022 — Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. Se presentan múltiples vulnerabilidades de comp... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26781
https://notcve.org/view.php?id=CVE-2022-26781
12 May 2022 — Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. Se presentan múltiples vulnerabilidades de comprob... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26780
https://notcve.org/view.php?id=CVE-2022-26780
12 May 2022 — Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. Existen múltiples vulnerabilidades de comprobación ... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481 • CWE-20: Improper Input Validation •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26518
https://notcve.org/view.php?id=CVE-2022-26518
12 May 2022 — An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad infactory_net de la consola de InHand Networks InRouter302 versión V3.5.37. Una serie de peticiones de red especialmente diseñada... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1501 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26510
https://notcve.org/view.php?id=CVE-2022-26510
12 May 2022 — A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de actualización de firmware en la funcionalidad iburn firmware checks de InHand Networks InRouter302 versión V3.5.37. Una petición HTTP especialmente diseñada puede conllevar a una actualización del firmware. • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1495 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26420
https://notcve.org/view.php?id=CVE-2022-26420
12 May 2022 — An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad infactory_port de la consola de InHand Networks InRouter302 versión V3.5.37. Una serie de peticiones de red especialmente diseña... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1499 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 2%CPEs: 2EXPL: 1CVE-2022-26085
https://notcve.org/view.php?id=CVE-2022-26085
12 May 2022 — An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad httpd wlscan_ASP de InHand Networks InRouter302 versión V3.5.4. Una petición HTTP especialmente diseñada puede conllevar a una ejecución... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1473 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26075
https://notcve.org/view.php?id=CVE-2022-26075
12 May 2022 — An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad infactory_wlan de la consola de InHand Networks InRouter302 versión V3.5.37. Una serie de peticiones de red especialmente diseña... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1500 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 1CVE-2022-26042
https://notcve.org/view.php?id=CVE-2022-26042
12 May 2022 — An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability. Se presenta una vulnerabilidad de inyección de comandos del Sistema Operativo en la funcionalidad daretools binary de InHand Networks InRouter302 versión V3.5.4. Una petición de red especialmente diseñada puede conllevar a una ejecución d... • https://talosintelligence.com/vulnerability_reports/TALOS-2022-1478 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •