Vulnerabilities > Inhandnetworks > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-10 | CVE-2022-27276 | OS Command Injection vulnerability in Inhandnetworks Inrouter 900 Firmware InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a remote code execution (RCE) vulnerability via the function sub_10F2C. | 9.8 |
| 2022-04-10 | CVE-2022-27277 | Path Traversal vulnerability in Inhandnetworks Inrouter 900 Firmware InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file deletion vulnerability via the function sub_17C08. | 9.1 |
| 2021-10-19 | CVE-2021-38462 | Weak Password Requirements vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. | 9.8 |
| 2021-10-19 | CVE-2021-38470 | Unspecified vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. | 9.1 |
| 2021-10-19 | CVE-2021-38474 | Improper Restriction of Excessive Authentication Attempts vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. | 9.8 |
| 2021-10-19 | CVE-2021-38478 | Unspecified vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. | 9.1 |