SB2021100808 - Multiple vulnerabilities in InHand Networks IR615 Router




Published: October 8, 2021

Security Bulletin ID: SB2021100808
Severity: High
Patch available: NO
Number of vulnerabilities: 13
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

High 8% Medium 38% Low 54%

Description

This security bulletin contains information about 13 security vulnerabilities.


1) Improper Restriction of Rendered UI Layers or Frames (CVE-ID: CVE-2021-38472)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the management portal does not send an X-FRAME-OPTIONS header. A remote attacker can send an administrator a link to a page that frames the router’s management portal and lure the administrator into making changes.
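A defender can confirm whether a management page (or a reverse proxy placed in front of it) sends an anti-framing header by auditing a captured response. The following is an added example, not code from the vendor or from this bulletin; the function names and the sample responses are constructed for illustration, and the check also covers the `frame-ancestors` directive of Content-Security-Policy, which the bulletin does not mention.

```python
# Added example (not vendor code): audit a captured response for anti-framing headers.
FRAMEABLE_BY_ANYONE = {"*", "http:", "https:"}


def parse_headers(raw):
    """Map lowercased header names to their values; the status line is skipped."""
    headers = {}
    for line in raw.splitlines()[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def framing_protected(raw):
    """Return (protected, reason) for one raw HTTP response."""
    headers = parse_headers(raw)
    # CSP frame-ancestors is the current mechanism, so check it first.
    for policy in headers.get("content-security-policy", []):
        for directive in policy.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() == "frame-ancestors":
                sources = {p.lower() for p in parts[1:]}
                if sources & FRAMEABLE_BY_ANYONE:
                    return False, "frame-ancestors allows any origin"
                return True, "frame-ancestors restricts framing"
    for value in headers.get("x-frame-options", []):
        if value.upper() in ("DENY", "SAMEORIGIN"):
            return True, "X-Frame-Options " + value.upper()
    if "x-frame-options" in headers:
        # ALLOW-FROM and unknown values are ignored by current browsers.
        return False, "X-Frame-Options value not honoured by browsers"
    return False, "no anti-framing header"


# Constructed sample responses (not captured from a real device).
BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
HARDENED = ("HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n"
            "Content-Security-Policy: default-src 'self'; frame-ancestors 'self'\r\n\r\n")
OBSOLETE = "HTTP/1.1 200 OK\r\nx-frame-options: ALLOW-FROM https://portal.example\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("bare", BARE), ("hardened", HARDENED), ("obsolete", OBSOLETE)):
        print(name, framing_protected(raw))
```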


2) Improper Authorization (CVE-ID: CVE-2021-38486)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists because the cloud portal allows self-registration of the affected product without any requirement to create an account. A remote authenticated attacker can gain full control over the product and execute code within the internal network to which the product is connected.


3) Cross-site request forgery (CVE-ID: CVE-2021-38480)

The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim into visiting a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website.


4) Inadequate Encryption Strength (CVE-ID: CVE-2021-38464)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to inadequate encryption strength. A remote attacker on the local network can intercept the communication and steal sensitive information or hijack the session.


5) Improper Restriction of Excessive Authentication Attempts (CVE-ID: CVE-2021-38474)

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists because the affected product has no account lockout policy configured for its login page. A remote authenticated attacker can perform a brute-force attack and gain valid credentials for the product interface.


6) Arbitrary file upload (CVE-ID: CVE-2021-38484)

The vulnerability allows a remote user to compromise the vulnerable system.

The vulnerability exists due to insufficient validation of files during file upload. A remote administrator can upload a malicious file and execute it on the server.


7) Cross-site scripting (CVE-ID: CVE-2021-38466)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within client requests from the help page. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


8) OS Command Injection (CVE-ID: CVE-2021-38470)

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the ping tool. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) OS Command Injection (CVE-ID: CVE-2021-38478)

The vulnerability allows a remote user to execute arbitrary shell commands on the target system.

The vulnerability exists due to improper input validation within the traceroute tool. A remote administrator can pass specially crafted data to the application and execute arbitrary OS commands on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
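Both command injection issues (ping and traceroute) come down to a diagnostic target reaching the operating system without validation. The following is an added example of the hardened pattern, not code from the vendor or from this bulletin: it assumes the target is a single host field, and the function names and the `ping`/`traceroute` argument lists are hypothetical.

```python
# Added example (not vendor code): validate a diagnostic target and avoid the shell.
import ipaddress
import re
import subprocess

ALLOWED_CHARS = re.compile(r"[A-Za-z0-9.:-]{1,253}")
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
TOOLS = {"ping": ["ping", "-c", "4"], "traceroute": ["traceroute"]}  # assumed argv


def validate_target(value):
    """Return a normalised IP literal or a hostname; raise ValueError otherwise."""
    if not isinstance(value, str) or not ALLOWED_CHARS.fullmatch(value):
        raise ValueError("target contains characters outside [A-Za-z0-9.:-]")
    try:
        return str(ipaddress.ip_address(value))
    except ValueError:
        pass  # not an IP literal, fall through to the hostname check
    labels = value.rstrip(".").split(".")
    # Labels may not start with '-', so the value can never be read as an option.
    if all(LABEL.fullmatch(label) for label in labels):
        return value
    raise ValueError("target is neither an IP address nor a hostname")


def build_argv(tool, target):
    """Build an argument vector; the target stays a single argv element."""
    if tool not in TOOLS:
        raise ValueError("unknown diagnostic tool")
    return TOOLS[tool] + [validate_target(target)]


def run_diagnostic(tool, target, timeout=30):
    """Run the tool without a shell, so metacharacters are never interpreted."""
    return subprocess.run(build_argv(tool, target), shell=False,
                          capture_output=True, text=True, timeout=timeout)


def is_rejected(value):
    """True when validate_target refuses the value (constructed test helper)."""
    try:
        validate_target(value)
    except ValueError:
        return True
    return False
```

The allowlist and the shell-free `subprocess.run` call are independent layers: either one alone stops shell metacharacters, and the leading-hyphen rule additionally stops a value from being parsed as a command-line option.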


10) Cross-site scripting (CVE-ID: CVE-2021-38482)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


11) Stored cross-site scripting (CVE-ID: CVE-2021-38468)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote authenticated attacker can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


12) Observable Response Discrepancy (CVE-ID: CVE-2021-38476)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists because the response of the affected product’s authentication process indicates and validates the existence of a username. A remote attacker can enumerate different user accounts.


13) Weak password requirements (CVE-ID: CVE-2021-38462)

The vulnerability allows a remote attacker to perform a brute-force attack and guess the password.

The vulnerability exists due to weak password requirements. A remote attacker can enumerate passwords, impersonate other application users and perform operations on their behalf.


Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.