Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
InHand Networks InRouter 302, prior to version IR302 V3.5.56, and InRouter 615, prior to version InRouter6XX-S-V2.3.0.r5542, contain vulnerability CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'). An unauthorized user with privileged access to the local web interface or the cloud account managing the affected devices could push a specially crafted configuration update file to gain root access. This could lead to remote code execution with root privileges.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
InHand Networks InRouter302 操作系统命令注入漏洞
Vulnerability Description
InHand Networks InRouter302是美国InHand Networks公司的一个 LTE 蜂窝路由器。 InHand Networks InRouter302 V3.5.56之前版本、InRouter615 V2.3.0.r5542之前版本存在操作系统命令注入漏洞,该漏洞源于操作系统命令中使用的特殊元素中和不当。
CVSS Information
N/A
Vulnerability Type
N/A