CVE-2021-38480 Vulnerability Details


CVE-2021-38480 Metadata Quick Info

CVE Published: 19/10/2021 | CVE Updated: 17/09/2024 | CVE Year: 2021
Source: icscert | Vendor: InHand Networks | Product: IR615 Router
Status: PUBLISHED

CVE-2021-38480 Description

InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router's management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.

Metrics

CVSS Version: 3.1 | Base Score: 9.6 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

➤ Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): NONE
    User Interaction (UI): REQUIRED
    Scope (S): CHANGED

➤ Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-352
CWE Name: CROSS-SITE REQUEST FORGERY (CSRF) CWE-352
Source: InHand Networks

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).