Ir302_firmware - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Ir302_firmware
(Inhandnetworks)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	21

Date	Id	Summary	Products	Score	Patch	Annotated
2022-05-12	CVE-2022-26510	A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.	Ir302_firmware	6.5
2022-05-12	CVE-2022-26518	An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.	Ir302_firmware	8.8
2022-05-12	CVE-2022-26780	Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.	Ir302_firmware	8.8
2022-05-12	CVE-2022-26781	Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.	Ir302_firmware	8.8
2022-05-12	CVE-2022-26782	Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.	Ir302_firmware	8.8
2022-05-12	CVE-2022-27172	A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.	Ir302_firmware	8.8
2022-11-09	CVE-2022-26023	A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.	Ir302_firmware	6.5
2022-11-09	CVE-2022-28689	A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.	Ir302_firmware	8.8
2022-11-09	CVE-2022-29481	A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.	Ir302_firmware	6.5
2022-11-09	CVE-2022-29888	A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.	Ir302_firmware	8.1