CVE-2021-38486 Vulnerability Details

  /     /     /  

CVE-2021-38486 Metadata Quick Info

CVE Published: 19/10/2021 | CVE Updated: 16/09/2024 | CVE Year: 2021
Source: icscert | Vendor: InHand Networks | Product: IR615 Router
Status : PUBLISHED

---

CVE-2021-38486 Description

InHand Networks IR615 Router\'s Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.

Metrics

CVSS Version: 3.1 | Base Score: 8 HIGH
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

l➤ Exploitability Metrics:
    Attack Vector (AV)* NETWORK
    Attack Complexity (AC)* HIGH
    Privileges Required (PR)* LOW
    User Interaction (UI)* REQUIRED
    Scope (S)* CHANGED

l➤ Impact Metrics:
    Confidentiality Impact (C)* HIGH
    Integrity Impact (I)* HIGH
    Availability Impact (A)* HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-285
CWE Name: IMPROPER AUTHORIZATION CWE-285
Source: InHand Networks

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).