Vulnerabilities > Inhandnetworks > Ir615 Firmware > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-19 | CVE-2021-38464 | Inadequate Encryption Strength vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session. | 5.8 |
| 2021-10-19 | CVE-2021-38466 | Cross-site Scripting vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. | 4.3 |
| 2021-10-19 | CVE-2021-38470 | OS Command Injection vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a ping tool to inject commands into the device. | 6.5 |
| 2021-10-19 | CVE-2021-38472 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an administrator that frames the router’s management portal and could lure the administrator to perform changes. | 4.3 |
| 2021-10-19 | CVE-2021-38474 | Improper Restriction of Excessive Authentication Attempts vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. | 5.0 |
| 2021-10-19 | CVE-2021-38476 | Information Exposure Through Discrepancy vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. | 5.0 |
| 2021-10-19 | CVE-2021-38478 | OS Command Injection vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. | 6.5 |