CVE-2021-38478
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to an attacker using a traceroute tool to inject commands into the device. This may allow the attacker to remotely run commands on behalf of the device.
-
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
-
19/10/2021
Operating Systems 1
IR
IR615 Firmware
by Inhandnetworks
2 Versions
2 years ago
Vulnerability Categories 1
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Advisory Links 1
http://www.vicarius.io
is owned and operated by Vicarius Ltd. (the āCompanyā). All information contained on the
Website is purely for informational, and educational purposes and should be independently
verified and confirmed. Vicarius does not accept any liability for any loss or damage
whatsoever caused in reliance upon such information or services. No statements or information
presented in any form by Vicarius is intended as fact, and you agree that you will not
consider the statements or information presented on the Website as fact or as a guarantee of
performance.
Related CVEs
Security Research Topics
By Vicarius Cartoons
Apr 12, 2023
Vicarius Cartoons Presents: IT Passover
By David Parkinson Frost
Mar 27, 2023
Acropalypse wreaking havoc, zero-days in Samsung Exynos, Emotet returns (again)
By Vicarius Cartoons
Feb 14, 2023
Vicarius Cartoons Presents: Cupid's Exploit
By Paul Lighter
Jan 11, 2023
When the Target is Also the Threat
A software failure grounded thousands of flights today, raising a complicated question - how do you secure an unstable system? The answer has never been more urgent.
By Paul Lighter
Jan 06, 2023
The Uncomfortable Implications of the LastPass Attack
The recent attack on LastPass has people questioning if they can trust password managers. But there's a bigger issue lurking underneath - can you trust ANY security vendor?
Start Closing Security Gaps
- Risk reduction from Day 1
- Fast set-up and deployment
- Unified platform
- Full-featured 14-day trial