CVE-2021-38462
CRITICALInHand Networks IR615 Router's Versions <2.3.0.r4724-2.3.0.r4870 - ...
Title source: llmDescription
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05
Scores
CVSS v3
9.8
EPSS
0.0111
EPSS Percentile
61.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-521
Status
published
Products (2)
inhandnetworks/ir615_firmware
2.3.0.r4724
inhandnetworks/ir615_firmware
2.3.0.r4870
Published
Oct 19, 2021
Tracked Since
Feb 18, 2026