CRITICAL🇵🇱 Wersja polska

CVE-2021-38484

CVSS 9.1v3.1pub. 2021-10-19upd. 2024-11-21

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Inhandnetworks Ir615

    HW
    Inhandnetworks
    wszystkie wersje
  • Inhandnetworks Ir615 Firmware

    OS
    Inhandnetworks
    2.3.0.r47242.3.0.r4870
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
RCEXSS
CWE
References

Related vulnerabilities

CVE-2026-38704CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji WireGuard VPN urządzeń InHand Networks

CVE-2026-38707CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji IPSec VPN urządzeń InHand Networks — dostęp ROOT

CVE-2026-38702CRITICAL9.8PL ✓ten sam produkt

Command injection w firmware InHand Networks IR302/IR315/IR615 — dostęp ROOT

CVE-2026-38703CRITICAL9.8PL ✓ten sam produkt

Command injection w funkcji ZeroTier VPN urządzeń InHand Networks

CVE-2021-38480CRITICAL9.6ten sam produkt

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forge...