SB2023011314 - Multiple vulnerabilities in InHand Networks InRouter 302 and InRouter 615

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023011314

SB2023011314 - Multiple vulnerabilities in InHand Networks InRouter 302 and InRouter 615

Published: January 13, 2023 Updated: January 16, 2023

Security Bulletin ID SB2023011314
CSH Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 20% Medium 60% Low 20%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 vulnerabilities.


1) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-22597)

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.


2) OS Command Injection (CVE-ID: CVE-2023-22598)

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Use of a One-Way Hash with a Predictable Salt (CVE-ID: CVE-2023-22599)

CWE-ID: CWE-760 - Use of a One-Way Hash with a Predictable Salt

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a use of a one-way hash with a predictable salt. A remote attacker can receive MQTT commands with potentially sensitive information.


4) Improper access control (CVE-ID: CVE-2023-22600)

CWE-ID: CWE-284 - Improper Access Control

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber


The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected products allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. A remote attacker can send GET/SET configuration commands, reboot commands, and push firmware updates.


5) Use of insufficiently random values (CVE-ID: CVE-2023-22601)

CWE-ID: CWE-330 - Use of Insufficiently Random Values

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected products do not properly randomize MQTT ClientID parameters. A remote attacker can calculate this parameter and gain access to sensitive information on the target system.


Remediation

Install update from vendor's website.

References