Vulnerabilities > Inhandnetworks

DATE CVE VULNERABILITY TITLE RISK
2022-04-10 CVE-2022-27279 Path Traversal vulnerability in Inhandnetworks Inrouter 900 Firmware
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0.
network
low complexity
inhandnetworks CWE-22
7.5
2022-04-10 CVE-2022-27280 Cross-site Scripting vulnerability in Inhandnetworks Inrouter 900 Firmware
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi.
network
low complexity
inhandnetworks CWE-79
5.4
2021-10-19 CVE-2021-38462 Weak Password Requirements vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy.
network
low complexity
inhandnetworks CWE-521
7.5
2021-10-19 CVE-2021-38464 Inadequate Encryption Strength vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.
5.8
2021-10-19 CVE-2021-38466 Cross-site Scripting vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page.
4.3
2021-10-19 CVE-2021-38468 Cross-site Scripting vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system.
3.5
2021-10-19 CVE-2021-38470 OS Command Injection vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device.
network
low complexity
inhandnetworks CWE-78
6.5
2021-10-19 CVE-2021-38472 Improper Restriction of Rendered UI Layers or Frames vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes.
4.3
2021-10-19 CVE-2021-38474 Improper Restriction of Excessive Authentication Attempts vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product.
network
low complexity
inhandnetworks CWE-307
5.0
2021-10-19 CVE-2021-38476 Information Exposure Through Discrepancy vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username.
network
low complexity
inhandnetworks CWE-203
5.0