GCVE - cpe:2.3:o:inhandnetworks:ir302_firmware:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:o:inhandnetworks:ir302_firmware:*:*:*:*:*:*:*:*

part: o version: * update: *

Vendor	Inhandnetworks (`07cf40b4-3dc4-50e1-8e2f-d0b1a8dd1c3f`)
Product	Ir302 Firmware (`c2a448c9-a1a7-5d52-9f81-9b91c71849ae`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-27172`	vulnerable	2026-06-08 05:41:54.877700	Details available MEDIUM (4.3) A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability. Published: 2022-05-12T17:01:55.794Z Updated: 2025-04-15T19:01:38.397Z Open on db.gcve.eu Reference links https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf https://talosintelligence.com/vulnerability_reports/TALOS-2022-1496	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26782`	vulnerable	2026-06-08 05:41:52.945456	Details available CRITICAL (9.9) Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. Published: 2022-05-12T17:01:54.308Z Updated: 2025-04-15T19:01:45.834Z Open on db.gcve.eu Reference links https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26781`	vulnerable	2026-06-08 05:41:52.944964	Details available CRITICAL (9.9) Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. Published: 2022-05-12T17:01:52.913Z Updated: 2025-04-15T19:01:53.882Z Open on db.gcve.eu Reference links https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-26780`	vulnerable	2026-06-08 05:41:52.944449	Details available CRITICAL (9.9) Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution. Published: 2022-05-12T17:01:51.178Z Updated: 2025-04-15T19:02:00.940Z Open on db.gcve.eu Reference links https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-25172`	vulnerable	2026-06-08 05:41:45.482490	Details available HIGH (7.5) An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie. Published: 2022-05-12T17:01:34.630Z Updated: 2025-04-15T19:03:19.864Z Open on db.gcve.eu Reference links https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf https://talosintelligence.com/vulnerability_reports/TALOS-2022-1470	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24910`	vulnerable	2026-06-08 05:41:44.876878	Details available HIGH (8.2) A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. Published: 2022-05-12T17:01:33.206Z Updated: 2025-04-15T19:03:26.619Z Open on db.gcve.eu Reference links https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf https://talosintelligence.com/vulnerability_reports/TALOS-2022-1471	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.