CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38466 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38466
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, no llevan a cabo una comprobación de entrada suficiente en las peticiones del cliente desde la página de ayuda. Esto puede permitir a un ata... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.4EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38464 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38464
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, presentan una fuerza de cifrado inadecuada, lo que puede permitir a un atacante interceptar la comunicación y robar información confidencial o secuestrar la sesión • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-326: Inadequate Encryption Strength •
CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38468 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38468
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, son vulnerables a un ataque de tipo cross-scripting almacenado, que pueden permitir a un atacante secuestrar las sesiones de los usuarios conectados al sistema • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38470 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38470
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, son vulnerables a que un atacante use una herramienta de ping para inyectar comandos en el dispositivo. Esto puede permitir al atacante ejecutar remotamente comandos en nombre del dispositivo • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-38474 – InHand Networks IR615 Router
https://notcve.org/view.php?id=CVE-2021-38474
19 Oct 2021 — InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface. InHand Networks IR615 Router's Versiones 2.3.0.r4724 y 2.3.0.r4870, no presentan configurada ninguna política de bloqueo de cuentas par... • https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 • CWE-307: Improper Restriction of Excessive Authentication Attempts •