Vulnerabilities > Inhandnetworks > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-12 | CVE-2022-26085 | OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. | 6.5 |
| 2022-05-12 | CVE-2022-26510 | Improper Verification of Cryptographic Signature vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. | 4.0 |
| 2022-05-12 | CVE-2022-26518 | OS Command Injection vulnerability in Inhandnetworks Ir302 Firmware 3.5.37 An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. | 6.5 |
| 2022-05-12 | CVE-2022-26780 | Improper Input Validation vulnerability in Inhandnetworks Ir302 Firmware Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. | 6.5 |
| 2022-05-12 | CVE-2022-27172 | Use of Hard-coded Credentials vulnerability in Inhandnetworks Ir302 Firmware A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. | 6.5 |
| 2022-04-10 | CVE-2022-27280 | Cross-site Scripting vulnerability in Inhandnetworks Inrouter 900 Firmware InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the web_exec parameter at /apply.cgi. | 5.4 |
| 2021-10-19 | CVE-2021-38464 | Inadequate Encryption Strength vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session. | 5.8 |
| 2021-10-19 | CVE-2021-38466 | Cross-site Scripting vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. | 4.3 |
| 2021-10-19 | CVE-2021-38470 | OS Command Injection vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. | 6.5 |
| 2021-10-19 | CVE-2021-38472 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. | 4.3 |