Main Vulnerability Database Vulnerabilities #VU57152

Improper Authorization in IR615 Router - CVE-2021-38486

Published: October 8, 2021

Vulnerability identifier: #VU57152

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-38486

CWE-ID: CWE-285

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
IR615 Router

Software vendor:
InHand Networks

Description

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to the cloud portal allows for self-registration of the affected product without any requirements to create an account. A remote authenticated attacker can have full control over the product and execute code within the internal network to which the product is connected.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://ics-cert.us-cert.gov/advisories/icsa-21-280-05

Improper Authorization in IR615 Router - CVE-2021-38486

Description

Remediation

External links

Please verify you're human