A critical command injection vulnerability in the IPSec VPN feature of multiple InHand Networks industrial router firmware versions allows unauthenticated remote attackers to execute arbitrary commands with ROOT privileges. The vulnerability affects IR302 (V3.5.108 and earlier), IR305, IR315, and IR615 (all V1.0.118 and earlier). The CVSS 3.1 score of 9.8 reflects network attack vector, low complexity, no [truncated]
A critical command injection vulnerability exists in the WireGuard VPN feature of multiple InHand Networks industrial router firmware versions. The vulnerability allows unauthenticated remote attackers to execute arbitrary commands with ROOT privileges. Affected products include IR302 (V3.5.108 and earlier), IR305 (V1.0.118 and earlier), IR315 (V1.0.118 and earlier), and IR615 (V1.0.118 and earlier). The [truncated]
A critical command injection vulnerability in the ZeroTier VPN feature of InHand Networks industrial routers allows unauthenticated remote attackers to execute arbitrary commands with ROOT privileges. The vulnerability affects IR302 (V3.5.108 and earlier), IR305, IR315, and IR615 (all V1.0.118 and earlier). The CVSS 3.1 score of 9.8 reflects network attack vector, low complexity, no privileges required, a [truncated]
