InHand Networks IR302
Approved changes feed: RSS · Atom
cpe:2.3:h:inhandnetworks:ir302:-:*:*:*:*:*:*:*
part: h version: - update: *
| Vendor | Inhandnetworks (07cf40b4-3dc4-50e1-8e2f-d0b1a8dd1c3f) |
|---|---|
| Product | Ir302 (4ffc3611-e397-5c85-ac54-dc09e3d72c0d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2022-30543 |
not_vulnerable | 2026-06-08 05:43:38.291107 |
Details available
MEDIUM (4.3)
A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-11-09T17:35:40.288Z
Updated: 2025-04-15T18:40:37.531Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29888 |
not_vulnerable | 2026-06-08 05:42:49.587881 |
Details available
MEDIUM (6.5)
A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2022-11-09T17:35:39.230Z
Updated: 2025-04-15T18:40:44.532Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-29481 |
not_vulnerable | 2026-06-08 05:42:48.019128 |
Details available
MEDIUM (4.9)
A leftover debug code vulnerability exists in the console nvram functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-11-09T17:35:38.151Z
Updated: 2025-04-15T18:40:54.031Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-28689 |
not_vulnerable | 2026-06-08 05:42:44.999378 |
Details available
MEDIUM (6.5)
A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-11-09T17:35:37.094Z
Updated: 2025-04-15T18:41:03.059Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-27172 |
not_vulnerable | 2026-06-08 05:41:54.877728 |
Details available
MEDIUM (4.3)
A hard-coded password vulnerability exists in the console infactory functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted network request can lead to privileged operation execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-05-12T17:01:55.794Z
Updated: 2025-04-15T19:01:38.397Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26782 |
not_vulnerable | 2026-06-08 05:41:52.945479 |
Details available
CRITICAL (9.9)
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_set_item` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.
Published: 2022-05-12T17:01:54.308Z
Updated: 2025-04-15T19:01:45.834Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26781 |
not_vulnerable | 2026-06-08 05:41:52.944985 |
Details available
CRITICAL (9.9)
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_print` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.
Published: 2022-05-12T17:01:52.913Z
Updated: 2025-04-15T19:01:53.882Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26780 |
not_vulnerable | 2026-06-08 05:41:52.944477 |
Details available
CRITICAL (9.9)
Multiple improper input validation vulnerabilities exists in the libnvram.so nvram_import functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.An improper input validation vulnerability exists in the `httpd`'s `user_define_init` function. Controlling the `user_define_timeout` nvram variable can lead to remote code execution.
Published: 2022-05-12T17:01:51.178Z
Updated: 2025-04-15T19:02:00.940Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26518 |
not_vulnerable | 2026-06-08 05:41:52.322820 |
Details available
CRITICAL (9.9)
An OS command injection vulnerability exists in the console infactory_net functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-05-12T17:01:49.718Z
Updated: 2025-04-15T19:02:08.321Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26510 |
not_vulnerable | 2026-06-08 05:41:52.307597 |
Details available
CRITICAL (9.9)
A firmware update vulnerability exists in the iburn firmware checks functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted HTTP request can lead to firmware update. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-05-12T17:01:48.207Z
Updated: 2025-04-15T19:02:14.358Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26420 |
not_vulnerable | 2026-06-08 05:41:51.960447 |
Details available
CRITICAL (9.9)
An OS command injection vulnerability exists in the console infactory_port functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-05-12T17:01:46.771Z
Updated: 2025-04-15T19:02:22.509Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26085 |
not_vulnerable | 2026-06-08 05:41:50.512862 |
Details available
CRITICAL (9.9)
An OS command injection vulnerability exists in the httpd wlscan_ASP functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability.
Published: 2022-05-12T17:01:45.298Z
Updated: 2025-04-15T19:02:29.420Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26075 |
not_vulnerable | 2026-06-08 05:41:50.489888 |
Details available
CRITICAL (9.9)
An OS command injection vulnerability exists in the console infactory_wlan functionality of InHand Networks InRouter302 V3.5.37. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-05-12T17:01:43.811Z
Updated: 2025-04-15T19:02:37.604Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26042 |
not_vulnerable | 2026-06-08 05:41:50.048941 |
Details available
CRITICAL (9.9)
An OS command injection vulnerability exists in the daretools binary functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-05-12T17:01:42.301Z
Updated: 2025-04-15T19:02:44.432Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26023 |
not_vulnerable | 2026-06-08 05:41:50.012649 |
Details available
MEDIUM (6.5)
A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-11-09T17:35:36.028Z
Updated: 2025-04-15T18:41:10.624Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26020 |
not_vulnerable | 2026-06-08 05:41:50.010278 |
Details available
MEDIUM (6.3)
An information disclosure vulnerability exists in the router configuration export functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to increased privileges. An attacker can send an HTTP request to trigger this vulnerability.
Published: 2022-05-12T17:01:40.860Z
Updated: 2025-04-15T19:02:52.021Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26007 |
not_vulnerable | 2026-06-08 05:41:50.001628 |
Details available
CRITICAL (9.1)
An OS command injection vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-05-12T17:01:39.208Z
Updated: 2025-04-15T19:02:58.390Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-26002 |
not_vulnerable | 2026-06-08 05:41:49.828084 |
Details available
CRITICAL (9.1)
A stack-based buffer overflow vulnerability exists in the console factory functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to remote code execution. An attacker can send a sequence of malicious packets to trigger this vulnerability.
Published: 2022-05-12T17:01:37.845Z
Updated: 2025-04-15T19:03:05.849Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25995 |
not_vulnerable | 2026-06-08 05:41:49.822636 |
Details available
CRITICAL (9.9)
A command execution vulnerability exists in the console inhand functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-05-12T17:01:36.120Z
Updated: 2025-04-15T19:03:12.842Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-25172 |
not_vulnerable | 2026-06-08 05:41:45.482520 |
Details available
HIGH (7.5)
An information disclosure vulnerability exists in the web interface session cookie functionality of InHand Networks InRouter302 V3.5.4. The session cookie misses the HttpOnly flag, making it accessible via JavaScript and thus allowing an attacker, able to perform an XSS attack, to steal the session cookie.
Published: 2022-05-12T17:01:34.630Z
Updated: 2025-04-15T19:03:19.864Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2022-24910 |
not_vulnerable | 2026-06-08 05:41:44.877997 |
Details available
HIGH (8.2)
A buffer overflow vulnerability exists in the httpd parse_ping_result API functionality of InHand Networks InRouter302 V3.5.4. A specially-crafted file can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
Published: 2022-05-12T17:01:33.206Z
Updated: 2025-04-15T19:03:26.619Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.