Fortinet Discovers Inhand Networks InRouter615-S Cross-Site Scripting Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered a Cross-Site Scripting (XSS) vulnerability in Inhand Networks InRouter615-S.
InHand Networks is a global leader in Industrial IoT with product portfolio including industrial M2M routers, gateways, industrial Ethernet switches, industrial computers and IoT management platforms. It provides complete IoT solutions for various vertical markets including Smart Grid, Industrial Automation, Remote Machine Monitoring, Smart Vending, Smart City, Retail and more.
A Cross-Site Scripting vulnerability has been discovered in Inhand Networks InRouter615-S. It is caused by inadequate filtering on the user inputs.
Solutions
FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:InHand.Networks.InRouter.615.IPSEC.XSS
Released Jan 25, 2023
Users should apply the solution provided by InHand Networks.
Timeline
Fortinet reported the vulnerability to InHand Networks on October 27, 2022.
InHand Networks confirmed the vulnerability on November 15, 2022.
InHand Networks patched the vulnerability on March 14, 2023.