QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-38480

Back to search

CVE-2021-38480

Published: Oct 19, 2021

Modified: Sep 17, 2024

PUBLISHED

CVSS v3.1

9.6

CRITICAL

Description

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.

VendorProductVersions

InHand Networks

IR615 Router

affected
2.3.0.r4724 and 2.3.0.r4870

Weaknesses (CWE)

CWE-352

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now