SB2022051611 - Multiple vulnerabilities in InHand Networks InRouter302
Published: May 16, 2022
Description
This security bulletin contains information about 19 security vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2022-26042)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the daretools binary functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-26510)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a signature management issue in the iburn firmware checks functionality. A remote user can send a specially crafted request and update the firmware.
3) Cross-site scripting (CVE-ID: CVE-2022-21238)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the info.jsp functionality. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
4) Improper access control (CVE-ID: CVE-2022-21182)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the router configuration import functionality. A remote user can send a specially crafted HTTP request and increase privileges on the system.
5) Sensitive Cookie Without 'HttpOnly' Flag (CVE-ID: CVE-2022-25172)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the "HttpOnly" flag is not set in the web interface session cookie functionality. A remote attacker can gain unauthorized access to sensitive information on the system.
6) Stack-based buffer overflow (CVE-ID: CVE-2022-26782)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the libnvram.so nvram_import functionality in the httpd’s user_define_set_item function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Stack-based buffer overflow (CVE-ID: CVE-2022-26781)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the libnvram.so nvram_import functionality in the httpd’s user_define_print function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
8) Stack-based buffer overflow (CVE-ID: CVE-2022-26780)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the libnvram.so nvram_import functionality in the httpd’s user_define_init function. A remote user can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
9) OS Command Injection (CVE-ID: CVE-2022-26075)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the console infactory_wlan functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
10) OS Command Injection (CVE-ID: CVE-2022-26420)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the console infactory_port functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
11) Active Debug Code (CVE-ID: CVE-2022-25995)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an active debug code issue in the console inhand functionality. A remote user can send a specially crafted request and execute arbitrary commands.
12) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2022-26020)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the affected product has a hard-coded private key in the router configuration export functionality. A remote user can increase privileges on the target system.
13) Insecure Temporary File (CVE-ID: CVE-2022-21809)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a file write issue in the httpd upload.cgi functionality. A remote user can upload a malicious file and execute it on the server.
14) OS Command Injection (CVE-ID: CVE-2022-26007)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the console factory functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
15) OS Command Injection (CVE-ID: CVE-2022-26085)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the httpd wlscan_ASP functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
16) Stack-based buffer overflow (CVE-ID: CVE-2022-26002)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the console factory functionality. A remote administrator can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
17) Use of Hard-coded Password (CVE-ID: CVE-2022-27172)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the software contains a hard-coded password in the console infactory functionality. A remote user can cause privileged operations to be executed.
18) Buffer overflow (CVE-ID: CVE-2022-24910)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the httpd parse_ping_result API functionality. A remote administrator can create a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
19) OS Command Injection (CVE-ID: CVE-2022-26518)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the console infactory_net functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1478
- https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1495
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1469
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1472
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1470
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1500
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1499
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1474
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1468
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1475
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1473
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1476
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1496
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1471
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1501