[Nulled] » Information security » A serious vulnerability in the firmware of InHand Networks' InRouter
January 23 2023

A serious vulnerability in the firmware of InHand Networks' InRouter

A serious vulnerability in the firmware of InHand Networks' InRouter industrial routers threatens robots, electricity meters, medical and other Internet of Things devices.

Researchers have discovered a critical vulnerability CVE-2023-22598 with a score of 10 out of 10 in the InRouter firmware, which makes thousands of wireless IoT devices vulnerable to remote code execution. 

The problem was reported by specialists from OTORIO, who specialize in the security of OT environments, and almost immediately CISA also issued its warning about vulnerabilities in InHand Networks routers.

In total, the OTORIO team reported five vulnerabilities in the InHand Networks cloud management platform and InRouter firmware.

Bugs allow attackers to bypass NAT and traditional security levels, as well as remotely execute unauthorized code on behalf of the root user on devices connected to the cloud. 

According to the CISA warning, the CVE-2023-22598 error affects the InRouter302 models (all versions up to IR302 V3.5.56) and InRouter615 (all versions up to InRouter6XX-S-V2.3.0.r5542), which pose a threat to the transmission of confidential information in plain text, the introduction of OS commands, the use of a one-way hash with predictable salt and bypass access control.

By default, vulnerable products use an unsecured channel to communicate with a cloud platform, where an unauthorized user can intercept messages and steal confidential information. For example, configuration information and MQTT credentials.

In the capable hands of an attacker, these bugs can allow you to completely take control of any device managed by the InHand Networks cloud.

OTORIO experts warn that the identified errors pose a serious threat.

The fact is that InRouters are used in many different systems from, including industrial robots, drilling rigs, elevators, medical devices, charging stations for electric vehicles, smart meters, etc.

Information

Visitors who are in the group Guests they can't download files.
Log in to the site under your login and password or if you are a new user go through the process registrations on the website.

Comments:

This publication has no comments yet. You can be the first!

Information the publication:

  • Author of the publication: AdequateSchizo
  • Date of publication: 23 January 2023 12:15
  • Publication category(s): Information security
  • Number of views of the publication: 191
  • Number of comments to the publication: 0

Related News

16 January 2023
Information security
Potentially serious UEFI

Potentially serious UEFI firmware vulnerabilities in Qualcomm Snapdragon chips affect many devices manufactured by

Read more
16 January 2023
Information security
Red Balloon Security

Red Balloon Security researchers have discovered a potentially serious unpatched vulnerability affecting many

Read more
16 January 2023
Information security
The top-end dual-band

The top-end dual-band gaming router Asus RT-AX82U is subject to three critical vulnerabilities that can be used to

Read more
23 January 2023
Information security
RCE vulnerabilities were

RCE vulnerabilities were discovered in TP-Link and NetComm routers. CVE-2022-4498 and CVE-2022-4499 affect TP-Link

Read more
15 January 2023
Information security
Synology has eliminated

Synology has eliminated a critical vulnerability in VPN routers

Read more

Information

Users of 🆅🅸🆂🅸🆃🅾🆁 are not allowed to comment this publication.

Site Search

Site Menu


☑ Websites Scripts

Calendar

«    December 2024    »
MonTueWedThuFriSatSun
 1
2345678
9101112131415
16171819202122
23242526272829
3031 

Advertisement

Survey on the website

Evaluate the work of the site
 

Statistics

  • +5 Total articles 6750
  • +22 Comments 4230
  • +37 Users : 6050