CRITICAL🇵🇱 Wersja polska

CVE-2021-38480

CVSS 9.6v3.1pub. 2021-10-19upd. 2024-11-21

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as making configuration changes, changing administrator credentials, and running system commands on the router.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
  • Inhandnetworks Ir615

    HW
    Inhandnetworks
    wszystkie wersje
  • Inhandnetworks Ir615 Firmware

    OS
    Inhandnetworks
    2.3.0.r47242.3.0.r4870
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2026-38704CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji WireGuard VPN urządzeń InHand Networks

CVE-2026-38707CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji IPSec VPN urządzeń InHand Networks — dostęp ROOT

CVE-2026-38702CRITICAL9.8PL ✓ten sam produkt

Command injection w firmware InHand Networks IR302/IR315/IR615 — dostęp ROOT

CVE-2026-38703CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji ZeroTier VPN urządzeń InHand Networks

CVE-2021-38484CRITICAL9.1ten sam produkt

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to...

CVE-2021-38480 — Inhandnetworks — Ir615 — CRITICAL — CVSS 9.6 | CVEbaza.pl