CVE-2021-38474
MEDIUMInHand Networks IR615 Router <2.3.0.r4870 - Info Disclosure
Title source: llmDescription
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.
References (1)
Core 1
Core References
Third Party Advisory, US Government Resource x_refsource_misc
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05
Scores
CVSS v3
6.3
EPSS
0.0066
EPSS Percentile
46.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-307
Status
published
Products (2)
inhandnetworks/ir615_firmware
2.3.0.r4724
inhandnetworks/ir615_firmware
2.3.0.r4870
Published
Oct 19, 2021
Tracked Since
Feb 18, 2026