CVSS: 8.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38486 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38486
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870 del router IR615 de InHand Networks permite el autorregistro del producto afectado sin necesidad de crear una cuenta, ... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-285: Improper Authorization CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38478 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38478
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, son vulnerables a que un atacante use una herramienta de traceroute para inyectar comandos en el dispositivo. Esto puede permitir al atacante ejecutar remotamente comandos en nombre del dispositivo • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.6EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38480 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38480
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, son vulnerables a un ataque de tipo cross-s... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.1EPSS: 16%CPEs: 4EXPL: 0CVE-2021-38484 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38484
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, no cuentan con un filtro o una comprobación de firmas para detectar o evitar una carga de a... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38482 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38482
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, el sitio web usado para controlar el router, es vulnerable a un ataque de tipo cross-site scripting almacenado, que puede permitir a un atacante secuestrar las sesiones de los usuarios conectados al sistema • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38472 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38472
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, el portal de administración no contiene un encabezado X-FRAME-OPTIONS, de la que un atacante puede aprovecharse mediante el envío de un enla... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38476 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38476
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, la respuesta del proceso de autenticación indica y comprueba la existencia de un nombre de usuario. Esto puede permitir a un atacante enumerar diferentes cuentas de usuario • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-203: Observable Discrepancy CWE-204: Observable Response Discrepancy •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38462 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38462
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, no aplican una política de contraseñas eficaz. Esto puede permitir a un atacante con credenciales de usuario obtenidas enumerar las contraseñas y hacerse pasar por otro... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-521: Weak Password Requirements •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38466 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38466
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, no llevan a cabo una comprobación de entrada suficiente en las peticiones del cliente desde la página de ayuda. Esto puede permitir a un ata... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38464 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38464
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, presentan una fuerza de cifrado inadecuada, lo que puede permitir a un atacante interceptar la comunicación y robar información confidencial o secuestrar la sesión • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-326: Inadequate Encryption Strength •