The flaws affect the InRouter 302 compact industrial LTE router, which is designed for commercial and industrial environments, including for applications in the hospitality, financial, automotive, utilities, retail, public safety, and energy sectors. Some of the world’s largest organizations use InHand products.
The security holes, a vast majority of which have been assigned a “critical” or “high severity” rating, were discovered by researchers at Cisco’s Talos threat intelligence and research unit. They can lead to arbitrary file uploads, code execution, privilege escalation, OS command injection, and unauthorized firmware updates.
