CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38468 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38468
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, son vulnerables a un ataque de tipo cross-scripting almacenado, que pueden permitir a un atacante secuestrar las sesiones de los usuarios conectados al sistema • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38470 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38470
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, son vulnerables a que un atacante use una herramienta de ping para inyectar comandos en el dispositivo. Esto puede permitir al atacante ejecutar remotamente comandos en nombre del dispositivo • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38474 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38474
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, no presentan configurada ninguna política de bloqueo de cuentas par... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-307: Improper Restriction of Excessive Authentication Attempts •