2.3.0.R4870

CVSS 8.5 - HIGH

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

high complexity

inhandnetworks

CWE-862

NVD

Published: 2021-10-19

Updated: 2022-10-27

Summary

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.

Vulnerable Configurations

Part	Description	Count
OS	Inhandnetworks Inhandnetworks Ir615 Firmware 2.3.0.R4724 Inhandnetworks Ir615 Firmware 2.3.0.R4870	2
Hardware	Inhandnetworks Inhandnetworks Ir615 -	1

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05