CVE-2021-38464

Published: Oct 19, 2021Modified: Nov 21, 2024

7.4

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 2.2 / Impact: 5.2

Source: NVD

Description

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.

Affected (2)

Products: Inhandnetworks: Ir615 Firmware

Inhandnetworks

1 product

Ir615 Firmware

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Inhandnetworks Ir615 Firmware	Version 2.3.0.r4724

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Inhandnetworks Ir615 Firmware	Version 2.3.0.r4870

Running on/with	Platform Versions
Inhandnetworks Ir615	All versions

Related CWEs

CWE-326

Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

References (2)

https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05

Source: ics-cert@hq.dhs.gov

Third Party AdvisoryUS Government Resource

https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

Timeline

No history available yet.