CVE-2021-38462

CRITICAL

InHand Networks IR615 Router's Versions <2.3.0.r4724-2.3.0.r4870 - ...

Title source: llm

Description

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.

References (1)

[Third Party Advisory, US Government Resource] https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05

Scores

CVSS v3 9.8

EPSS 0.0022

EPSS Percentile 44.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-521

Status published

Products (2)

inhandnetworks/ir615_firmware 2.3.0.r4724

inhandnetworks/ir615_firmware 2.3.0.r4870

Published Oct 19, 2021

Tracked Since Feb 18, 2026