2.3.0.R4870

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

inhandnetworks

CWE-307

NVD

Published: 2021-10-19

Updated: 2021-10-22

Summary

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.

Vulnerable Configurations

Part	Description	Count
OS	Inhandnetworks Inhandnetworks Ir615 Firmware 2.3.0.R4724 Inhandnetworks Ir615 Firmware 2.3.0.R4870	2
Hardware	Inhandnetworks Inhandnetworks Ir615 -	1

Common Weakness Enumeration (CWE)

CWE-307 - Improper Restriction of Excessive Authentication Attempts

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05