2.3.0.R4870

CVSS 4.7 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

NONE

network

low complexity

inhandnetworks

CWE-1021

NVD

Published: 2021-10-19

Updated: 2021-10-22

Summary

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes.

Vulnerable Configurations

Part	Description	Count
OS	Inhandnetworks Inhandnetworks Ir615 Firmware 2.3.0.R4724 Inhandnetworks Ir615 Firmware 2.3.0.R4870	2
Hardware	Inhandnetworks Inhandnetworks Ir615 -	1

Common Weakness Enumeration (CWE)

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05