Multiple vulnerabilities in InHand Networks InRouter 302 and InRouter 615



Published: 2023-01-13 | Updated: 2023-01-16
Risk High
Patch available YES
Number of vulnerabilities 5
CVE-ID CVE-2023-22597
CVE-2023-22598
CVE-2023-22599
CVE-2023-22600
CVE-2023-22601
CWE-ID CWE-319
CWE-78
CWE-760
CWE-284
CWE-330
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
InRouter302
Hardware solutions / Routers & switches, VoIP, GSM, etc

InRouter 615
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor

Security Bulletin

This security bulletin contains information about 5 vulnerabilities.

1) Cleartext transmission of sensitive information

EUVDB-ID: #VU71149

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22597

CWE-ID: CWE-319 - Cleartext Transmission of Sensitive Information

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to software uses insecure communication channel to transmit sensitive information. A remote attacker with ability to intercept network traffic can gain access to sensitive data.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

InRouter302: before 3.5.56

InRouter 615: before 2.3.0.r5542

External links

http://ics-cert.us-cert.gov/advisories/icsa-23-012-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) OS Command Injection

EUVDB-ID: #VU71150

Risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22598

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

InRouter302: before 3.5.56

InRouter 615: before 2.3.0.r5542

External links

http://ics-cert.us-cert.gov/advisories/icsa-23-012-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Use of a One-Way Hash with a Predictable Salt

EUVDB-ID: #VU71152

Risk: Medium

CVSSv3.1: 6.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22599

CWE-ID: CWE-760 - Use of a One-Way Hash with a Predictable Salt

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to a use of a one-way hash with a predictable salt. A remote attacker can receive MQTT commands with potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

InRouter302: before 3.5.56

InRouter 615: before 2.3.0.r5542

External links

http://ics-cert.us-cert.gov/advisories/icsa-23-012-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU71153

Risk: High

CVSSv3.1: 8.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22600

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to the affected products allow unauthenticated devices to subscribe to MQTT topics on the same network as the device manager. A remote attacker can send GET/SET configuration commands, reboot commands, and push firmware updates.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

InRouter302: before 3.5.56

InRouter 615: before 2.3.0.r5542

External links

http://ics-cert.us-cert.gov/advisories/icsa-23-012-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use of insufficiently random values

EUVDB-ID: #VU71154

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22601

CWE-ID: CWE-330 - Use of Insufficiently Random Values

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the affected products do not properly randomize MQTT ClientID parameters. A remote attacker can calculate this parameter and gain access to sensitive information on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

InRouter302: before 3.5.56

InRouter 615: before 2.3.0.r5542

External links

http://ics-cert.us-cert.gov/advisories/icsa-23-012-03


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###