466 matches found
CVE-2021-38478 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...
CVE-2021-38478
CVE-2021-38478 affects InHand Networks IR615 Router. A traceroute-based command injection vulnerability enables an attacker to remotely run commands on the device. Affected versions include IR615 Router 2.3.0.r4724 and 2.3.0.r4870 (per initial CVE info); ICS advisory Update A also lists 2.3.0.r54...
CVE-2021-38480
The vulnerability CVE-2021-38480 affects InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870, which are vulnerable to Cross-Site Request Forgery (CSRF) when unauthorized commands submit from a trusted user. This could allow an attacker to remotely perform actions on the router’s man...
CVE-2021-38480 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...
CVE-2021-38484
The CVE-2021-38484 issue affects InHand Networks IR615 Router. The connected ICS advisory (Update A) specifies affected versions as 2.3.0.r5417 and earlier; initial description listed 2.3.0.r4724 and 2.3.0.r4870. The vulnerability is Unrestricted Upload of File with Dangerous Type, where the rout...
CVE-2021-38484 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scriptin...
CVE-2021-38482
The CVE-2021-38482 vulnerability affects InHand Networks IR615 Router web UI. It is a stored cross-site scripting flaw in the router’s management portal, impacting versions 2.3.0.r4724 and 2.3.0.r4870 (update notes reference 2.3.0.r5417 and earlier). An attacker could hijack user sessions connect...
CVE-2021-38482 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system...
CVE-2021-38472
CVE-2021-38472 affects InHand Networks IR615 Router, specifically the management portal in versions 2.3.0.r4724 and 2.3.0.r4870. The root cause is absence of the X-Frame-Options header, enabling clickjacking via a link sent to an administrator that frames the portal and could induce changes. Docu...
CVE-2021-38472 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform...
CVE-2021-38476 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts...
CVE-2021-38476
The CVE-2021-38476 case concerns InHand Networks IR615 Router, where the authentication process response can reveal the existence of a username, enabling attacker-led enumeration of user accounts. This observable response discrepancy is documented in CVE-2021-38476 (CVE list/NVD) with a CVSSv3 ba...
CVE-2021-38462
The CVE-2021-38462 issue affects InHand Networks IR615 Router (Versions 2.3.0.r4724 and 2.3.0.r4870). The vulnerability stems from a weak password policy in the router’s authentication, which could allow an attacker with valid credentials to enumerate passwords and impersonate other application u...
CVE-2021-38462 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf...
CVE-2021-38466
InHand Networks IR615 Router is affected by CVE-2021-38466 (stored/reflected) due to improper input validation in the help-page requests, enabling a reflected cross-site scripting attack that could execute code in a client browser. Affected versions cited include 2.3.0.r4724 and 2.3.0.r4870 (per ...
CVE-2021-38466 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client...
CVE-2021-38464
CVE-2021-38464 affects InHand Networks IR615 Router, versions 2.3.0.r4724 and 2.3.0.r4870, due to inadequate encryption strength that may allow an attacker to intercept communications or hijack sessions. The issue is documented in multiple sources (NVD and ICS), with CVSSv3 base scores around 6.4...
CVE-2021-38464 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session...
CVE-2021-38468
CVE-2021-38468 concerns the InHand Networks IR615 Router. The connected documents confirm a stored cross-site scripting vulnerability in the router’s management portal, enabling session hijacking of users connected to the system. The initial description lists affected versions 2.3.0.r4724 and 2.3...
CVE-2021-38468 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...