Vulnerability Spotlight: Vulnerabilities in InHand router could give attackers access to console, delete files

TALOS

Thursday, October 27, 2022 11:10

Francesco Benvenuto of Cisco Talos discovered these vulnerabilities.

Cisco Talos recently discovered several vulnerabilities in InHand Networks’ InRouter302 that could allow an attacker to access the router’s console and make changes to the router’s settings, including security protocols.

The InRouter is an industrial LTE router that includes remote management functionalities and several security protection mechanisms, such as VPN connections and a firewall.

This is just the latest set of vulnerabilities Talos has discovered in the InRouter302. We previously outlined how an attacker could string together several other since-patched security issues to gain root access to the device.

TALOS-2022-1523 (CVE-2022-25932) is an updated vulnerability report covering a new patch, because the previous security update intended to fix TALOS-2022-1472 and TALOS-2022-1474 was not effective.

Additionally, the router’s firmware contains leftover code in the debug feature. The InRouter302 offers telnet and SSHD services. When provided with the correct credentials, both allow access to the router’s console. From the console, an attacker could manipulate several crucial security settings, including issuing a specific command that manipulates the firmware signature verification flag, and could then upload malicious firmware to the device.

These vulnerabilities are:

  • TALOS-2022-1518 (CVE-2022-29481)
  • TALOS-2022-1519 (CVE-2022-30543)
  • TALOS-2022-1520 (CVE-2022-26023)
  • TALOS-2022-1521 (CVE-2022-28689)

TALOS-2022-1522 (CVE-2022-29888) could be exploited if an attacker sends the device a specially crafted HTTP request. If exploited correctly, the adversary could gain the ability to delete arbitrary files on the device, potentially disrupting its operations or settings.

Cisco Talos worked with InHand Networks to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update the affected product as soon as possible: InHand Networks InRouter302, version 3.5.45. Talos tested and confirmed that this version of the router could be exploited through these vulnerabilities.

The following Snort rules will detect exploitation attempts against these vulnerabilities: 59152, 59153, 59882 – 59884 and 59886. Additional rules may be released in the future, and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Related news

The many vulnerabilities Talos discovered in SOHO and industrial wireless routers post-VPNFilter

Given the privileged position these devices occupy on the networks they serve, they are prime targets for attackers, so their security posture is of paramount importance.

CVE-2022-30543

A leftover debug code vulnerability exists in the console infct functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to execution of privileged operations. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-29888: TALOS-2022-1522 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the httpd port 4444 upload.cgi functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted HTTP request can lead to arbitrary file deletion. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2022-28689: TALOS-2022-1521 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the console support functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted network request can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-26023: TALOS-2022-1520 || Cisco Talos Intelligence Group

A leftover debug code vulnerability exists in the console verify functionality of InHand Networks InRouter302 V3.5.45. A specially-crafted series of network requests can lead to disabling security features. An attacker can send a sequence of requests to trigger this vulnerability.

CVE-2022-25932: TALOS-2022-1523 || Cisco Talos Intelligence Group

The firmware of InHand Networks InRouter302 V3.5.45 introduces fixes for TALOS-2022-1472 and TALOS-2022-1474. The fixes are incomplete. An attacker can still perform, respectively, a privilege escalation and an information disclosure.