CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
30.6%
InHand Networks IR615 Routerβs Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the routerβs management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.
Vendor | Product | Version | CPE |
---|---|---|---|
inhandnetworks | ir615_firmware | 2.3.0.r4724 | cpe:2.3:o:inhandnetworks:ir615_firmware:2.3.0.r4724:*:*:*:*:*:*:* |
inhandnetworks | ir615 | - | cpe:2.3:h:inhandnetworks:ir615:-:*:*:*:*:*:*:* |
inhandnetworks | ir615_firmware | 2.3.0.r4870 | cpe:2.3:o:inhandnetworks:ir615_firmware:2.3.0.r4870:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
Percentile
30.6%