High

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-12	CVE-2023-22598	OS Command Injection vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). network low complexity inhandnetworks CWE-78	7.2
2023-01-12	CVE-2023-22600	Unspecified vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-284: Improper Access Control. network high complexity inhandnetworks	8.1
2023-01-12	CVE-2023-22601	Use of Insufficiently Random Values vulnerability in Inhandnetworks Inrouter302 Firmware and Inrouter615-S Firmware InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-330: Use of Insufficiently Random Values. They do not properly randomize MQTT ClientID parameters. network low complexity inhandnetworks CWE-330	8.6
2022-11-09	CVE-2022-28689	Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.45 A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. network low complexity inhandnetworks	8.8
2022-11-09	CVE-2022-29888	Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.45 A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. network low complexity inhandnetworks	8.1
2022-11-09	CVE-2022-30543	Unspecified vulnerability in Inhandnetworks Ir302 Firmware 3.5.45 A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. network low complexity inhandnetworks	8.8
2022-05-12	CVE-2022-21182	Unspecified vulnerability in Inhandnetworks Inrouter302 Firmware 3.5.4 A privilege escalation vulnerability exists in the router configuration import functionality of InHand Networks InRouter302 V3.5.4. network low complexity inhandnetworks	8.8
2022-05-12	CVE-2022-26781	Out-of-bounds Write vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. network low complexity inhandnetworks CWE-787	8.8
2022-05-12	CVE-2022-26782	Out-of-bounds Write vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. network low complexity inhandnetworks CWE-787	8.8
2022-04-10	CVE-2022-27279	Path Traversal vulnerability in Inhandnetworks Inrouter 900 Firmware InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain an arbitrary file read via the function sub_177E0. network low complexity inhandnetworks CWE-22	7.5