HQ/EMEAFind out how we can help your business
InHand Network’s InRouter302 showed signs of vulnerabilities that could enable a malicious actor to infiltrate the router’s console. The researcher’s newly discovered flaws could allow attackers to modify the router’s settings, such as security protocols.
The InRouter is an industrial LTE router with remote management features and multiple security protection provisions like firewall and VPN connections. These newly disclosed flaws are the new set of vulnerabilities researchers discovered in the InHand InRouter302.
Reports say the previous vulnerabilities outlined how a malicious actor could put together several other previously patched security flaws to acquire root access to a targeted device.
The CVE-2020-25932 is a recently patched flaw for a new update. This update was a cover-up to a couple of ineffective patches months ago.
Moreover, the router’s firmware includes a leftover code in the debug functionality. The InHand InRouter302 provides SSHD and telnet services. Both abilities allow access to the router’s console if a user provides a correct credential.
Hence, unauthorised access could manipulate critical security settings like giving specific commands to control the firmware signature verification flag and upload firmware to the console.
There are five additional confirmed vulnerabilities in the InHand InRouter302.
Based on the investigation, an attacker could exploit the InHand router’s flaws, namely CVE-2022-29481, CVE-2022-30543, CVE-2022-26023, CVE-2022-28689, and CVE-2022-29888 if it could send to a targeted device a specially crafted HTTP request.
The attacker could obtain the ability to remove arbitrary files on the targeted device if they could exploit the flaws correctly. Additionally, the adversaries could potentially disrupt the settings and operations.
Experts encourage users to get a patch for the affected InHand Networks InRouter302 version 3.5.45. The cybersecurity researchers initiated a trial and error and confirmed that these versions of the InHand router could be abused through the earlier-mentioned vulnerabilities.
Further rules for the flaws might appear soon, and the current regulations for the affected router could change depending on the vulnerability information. As of now, users are advised to keep tabs on updates regarding the current issue to avoid getting an unwanted intrusion.
