CVE-2021-38484
Last modified
CVE-2021-38484 is a high-severity vulnerability rated 7.2/10 on the CVSS scale. InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.. EPSS estimates a 2.60% chance of exploitation in the next 30 days.
Description
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Inhandnetworks | Ir615 Firmware | 2.3.0.r4724 |
| Inhandnetworks | Ir615 Firmware | 2.3.0.r4870 |
References
- https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05Third Party Advisory, US Government Resource
- https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05Third Party Advisory, US Government Resource
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-38484?
How severe is CVE-2021-38484?
How do I fix CVE-2021-38484?
Are you affected by CVE-2021-38484?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST