501 matches found
CVE-2021-38484
The CVE-2021-38484 issue affects InHand Networks IR615 Router. The connected ICS advisory (Update A) specifies affected versions as 2.3.0.r5417 and earlier; initial description listed 2.3.0.r4724 and 2.3.0.r4870. The vulnerability is Unrestricted Upload of File with Dangerous Type, where the rout...
CVE-2021-38482 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system...
CVE-2021-38482
The CVE-2021-38482 vulnerability affects InHand Networks IR615 Router web UI. It is a stored cross-site scripting flaw in the router’s management portal, impacting versions 2.3.0.r4724 and 2.3.0.r4870 (update notes reference 2.3.0.r5417 and earlier). An attacker could hijack user sessions connect...
CVE-2021-38472 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform...
CVE-2021-38472
CVE-2021-38472 affects InHand Networks IR615 Router, specifically the management portal in versions 2.3.0.r4724 and 2.3.0.r4870. The root cause is absence of the X-Frame-Options header, enabling clickjacking via a link sent to an administrator that frames the portal and could induce changes. Docu...
CVE-2021-38476
The CVE-2021-38476 case concerns InHand Networks IR615 Router, where the authentication process response can reveal the existence of a username, enabling attacker-led enumeration of user accounts. This observable response discrepancy is documented in CVE-2021-38476 (CVE list/NVD) with a CVSSv3 ba...
CVE-2021-38476 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts...
CVE-2021-38462 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf...
CVE-2021-38462
The CVE-2021-38462 issue affects InHand Networks IR615 Router (Versions 2.3.0.r4724 and 2.3.0.r4870). The vulnerability stems from a weak password policy in the router’s authentication, which could allow an attacker with valid credentials to enumerate passwords and impersonate other application u...
CVE-2021-38466
InHand Networks IR615 Router is affected by CVE-2021-38466 (stored/reflected) due to improper input validation in the help-page requests, enabling a reflected cross-site scripting attack that could execute code in a client browser. Affected versions cited include 2.3.0.r4724 and 2.3.0.r4870 (per ...
CVE-2021-38466 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client...
CVE-2021-38464
CVE-2021-38464 affects InHand Networks IR615 Router, versions 2.3.0.r4724 and 2.3.0.r4870, due to inadequate encryption strength that may allow an attacker to intercept communications or hijack sessions. The issue is documented in multiple sources (NVD and ICS), with CVSSv3 base scores around 6.4...
CVE-2021-38464 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session...
CVE-2021-38468 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system...
CVE-2021-38468
CVE-2021-38468 concerns the InHand Networks IR615 Router. The connected documents confirm a stored cross-site scripting vulnerability in the router’s management portal, enabling session hijacking of users connected to the system. The initial description lists affected versions 2.3.0.r4724 and 2.3...
CVE-2021-38470
CVE-2021-38470 affects InHand Networks IR615 Router. The OS command injection vulnerability allows an attacker with network access to inject commands by using a ping tool, potentially enabling remote execution of commands on the device. Affected versions include 2.3.0.r4724 and 2.3.0.r4870 (publi...
CVE-2021-38470 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device...
CVE-2021-38474
CVE-2021-38474 concerns InHand Networks IR615 Router. The vulnerability is in the login page where there is no account lockout policy, enabling brute-force attempts to gain valid credentials for the product interface. Affected versions, per public records, include IR615 Router versions 2.3.0.r472...
CVE-2021-38474 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. Th...
PT-2021-22160 · Inhand Networks · Inhand Networks Ir615 Router
Name of the Vulnerable Software and Affected Versions: InHand Networks IR615 Router versions 2.3.0.r4724 through 2.3.0.r4870 Description: The issue allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control...