SB2022051611 - Multiple vulnerabilities in InHand Networks InRouter302
Published: May 16, 2022
Description
This security bulletin contains information about 19 vulnerabilities.
1) OS Command Injection (CVE-ID: CVE-2022-26042)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the daretools binary functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-26510)
CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to a signature management issue in the iburn firmware checks functionality. A remote user can send a specially crafted request and update the firmware.
3) Cross-site scripting (CVE-ID: CVE-2022-21238)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the info.jsp functionality. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
4) Improper access control (CVE-ID: CVE-2022-21182)
CWE-ID: CWE-284 - Improper Access Control
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the router configuration import functionality. A remote user can send a specially crafted HTTP request and increase privileges on the system.
5) Sensitive Cookie Without 'HttpOnly' Flag (CVE-ID: CVE-2022-25172)
CWE-ID: CWE-1004 - Sensitive Cookie Without 'HttpOnly' Flag
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the "HttpOnly" flag is not set in the web interface session cookie functionality. A remote attacker can gain unauthorized access to sensitive information on the system.
6) Stack-based buffer overflow (CVE-ID: CVE-2022-26782)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the libnvram.so nvram_import functionality in the httpd’s user_define_set_item function. A remote user can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
7) Stack-based buffer overflow (CVE-ID: CVE-2022-26781)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the libnvram.so nvram_import functionality in the httpd’s user_define_print function. A remote user can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
8) Stack-based buffer overflow (CVE-ID: CVE-2022-26780)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the libnvram.so nvram_import functionality in the httpd’s user_define_init function. A remote user can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
9) OS Command Injection (CVE-ID: CVE-2022-26075)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the console infactory_wlan functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
10) OS Command Injection (CVE-ID: CVE-2022-26420)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the console infactory_port functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
11) Active Debug Code (CVE-ID: CVE-2022-25995)
CWE-ID: CWE-489 - Active Debug Code
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to an active debug code issue in the console inhand functionality. A remote user can send a specially crafted request and execute arbitrary commands.
12) Use of Hard-coded Cryptographic Key (CVE-ID: CVE-2022-26020)
CWE-ID: CWE-321 - Use of Hard-coded Cryptographic Key
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the affected product has a hard-coded private key in the router configuration export functionality. A remote user can gain increased privileges on the target system.
13) Insecure Temporary File (CVE-ID: CVE-2022-21809)
CWE-ID: CWE-377 - Insecure Temporary File
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a file write issue in the httpd upload.cgi functionality. A remote user can upload a malicious file and execute it on the server.
14) OS Command Injection (CVE-ID: CVE-2022-26007)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the console factory functionality. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
15) OS Command Injection (CVE-ID: CVE-2022-26085)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the httpd wlscan_ASP functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
16) Stack-based buffer overflow (CVE-ID: CVE-2022-26002)
CWE-ID: CWE-121 - Stack-based buffer overflow
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the console factory functionality. A remote administrator can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
17) Use of Hard-coded Password (CVE-ID: CVE-2022-27172)
CWE-ID: CWE-259 - Use of Hard-coded Password
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because the software contains a hard-coded password in the console infactory functionality. A remote user can cause the execution of privileged operations.
18) Buffer overflow (CVE-ID: CVE-2022-24910)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the httpd parse_ping_result API functionality. A remote administrator can create a specially crafted file, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
19) OS Command Injection (CVE-ID: CVE-2022-26518)
CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the console infactory_net functionality. A remote user can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Remediation
Install the update from the vendor's website.
References
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1478
- https://www.inhandnetworks.com/upload/attachment/202205/10/InHand-PSA-2022-01.pdf
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1495
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1469
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1472
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1470
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1481
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1500
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1499
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1477
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1474
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1468
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1475
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1473
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1476
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1496
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1471
- https://talosintelligence.com/vulnerability_reports/TALOS-2022-1501