Lucene search
K

466 matches found

Cvelist
Cvelist
added 2021/10/19 12:11 p.m.19 views

CVE-2021-38478 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...

9.1CVSS9.4AI score0.01091EPSS
Exploits0References1
CVE
CVE
added 2021/10/19 12:11 p.m.41 views

CVE-2021-38478

CVE-2021-38478 affects InHand Networks IR615 Router. A traceroute-based command injection vulnerability enables an attacker to remotely run commands on the device. Affected versions include IR615 Router 2.3.0.r4724 and 2.3.0.r4870 (per initial CVE info); ICS advisory Update A also lists 2.3.0.r54...

9.1CVSS9.3AI score0.01091EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/10/19 12:11 p.m.42 views

CVE-2021-38480

The vulnerability CVE-2021-38480 affects InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870, which are vulnerable to Cross-Site Request Forgery (CSRF) when unauthorized commands submit from a trusted user. This could allow an attacker to remotely perform actions on the router’s man...

9.6CVSS8.8AI score0.00527EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 12:11 p.m.14 views

CVE-2021-38480 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...

9.6CVSS9.4AI score0.00527EPSS
Exploits0References1
CVE
CVE
added 2021/10/19 12:11 p.m.47 views

CVE-2021-38484

The CVE-2021-38484 issue affects InHand Networks IR615 Router. The connected ICS advisory (Update A) specifies affected versions as 2.3.0.r5417 and earlier; initial description listed 2.3.0.r4724 and 2.3.0.r4870. The vulnerability is Unrestricted Upload of File with Dangerous Type, where the rout...

9.1CVSS7.5AI score0.02597EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 12:11 p.m.21 views

CVE-2021-38484 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scriptin...

9.1CVSS9.6AI score0.02597EPSS
Exploits0References1
CVE
CVE
added 2021/10/19 12:10 p.m.49 views

CVE-2021-38482

The CVE-2021-38482 vulnerability affects InHand Networks IR615 Router web UI. It is a stored cross-site scripting flaw in the router’s management portal, impacting versions 2.3.0.r4724 and 2.3.0.r4870 (update notes reference 2.3.0.r5417 and earlier). An attacker could hijack user sessions connect...

8.7CVSS5.3AI score0.00537EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 12:10 p.m.18 views

CVE-2021-38482 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system...

8.7CVSS8.6AI score0.00537EPSS
Exploits0References1
CVE
CVE
added 2021/10/19 12:10 p.m.44 views

CVE-2021-38472

CVE-2021-38472 affects InHand Networks IR615 Router, specifically the management portal in versions 2.3.0.r4724 and 2.3.0.r4870. The root cause is absence of the X-Frame-Options header, enabling clickjacking via a link sent to an administrator that frames the portal and could induce changes. Docu...

4.7CVSS5.1AI score0.00652EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 12:10 p.m.17 views

CVE-2021-38472 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform...

4.7CVSS5AI score0.00652EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/10/19 12:10 p.m.14 views

CVE-2021-38476 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts...

6.5CVSS6.7AI score0.00736EPSS
Exploits0References1
CVE
CVE
added 2021/10/19 12:10 p.m.44 views

CVE-2021-38476

The CVE-2021-38476 case concerns InHand Networks IR615 Router, where the authentication process response can reveal the existence of a username, enabling attacker-led enumeration of user accounts. This observable response discrepancy is documented in CVE-2021-38476 (CVE list/NVD) with a CVSSv3 ba...

6.5CVSS5.7AI score0.00736EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/10/19 12:10 p.m.46 views

CVE-2021-38462

The CVE-2021-38462 issue affects InHand Networks IR615 Router (Versions 2.3.0.r4724 and 2.3.0.r4870). The vulnerability stems from a weak password policy in the router’s authentication, which could allow an attacker with valid credentials to enumerate passwords and impersonate other application u...

9.8CVSS9.6AI score0.01113EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 12:10 p.m.21 views

CVE-2021-38462 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf...

9.8CVSS9.7AI score0.01113EPSS
Exploits0References1
CVE
CVE
added 2021/10/19 12:10 p.m.42 views

CVE-2021-38466

InHand Networks IR615 Router is affected by CVE-2021-38466 (stored/reflected) due to improper input validation in the help-page requests, enabling a reflected cross-site scripting attack that could execute code in a client browser. Affected versions cited include 2.3.0.r4724 and 2.3.0.r4870 (per ...

8.8CVSS6.3AI score0.00653EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 12:10 p.m.19 views

CVE-2021-38466 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client...

8.8CVSS8.4AI score0.00653EPSS
Exploits0References1
CVE
CVE
added 2021/10/19 12:10 p.m.50 views

CVE-2021-38464

CVE-2021-38464 affects InHand Networks IR615 Router, versions 2.3.0.r4724 and 2.3.0.r4870, due to inadequate encryption strength that may allow an attacker to intercept communications or hijack sessions. The issue is documented in multiple sources (NVD and ICS), with CVSSv3 base scores around 6.4...

7.4CVSS6.8AI score0.00313EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 12:10 p.m.20 views

CVE-2021-38464 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session...

6.4CVSS7.5AI score0.00313EPSS
Exploits0References1
CVE
CVE
added 2021/10/19 12:10 p.m.46 views

CVE-2021-38468

CVE-2021-38468 concerns the InHand Networks IR615 Router. The connected documents confirm a stored cross-site scripting vulnerability in the router’s management portal, enabling session hijacking of users connected to the system. The initial description lists affected versions 2.3.0.r4724 and 2.3...

8.7CVSS5.4AI score0.00537EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/10/19 12:10 p.m.22 views

CVE-2021-38468 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...

8.7CVSS8.7AI score0.00537EPSS
Exploits0References1
Rows per page
Query Builder