PT-2021-22146 · Inhand Networks · Ir615 Router
Published: 2021-10-19 · Updated: 2021-10-22 · CVE-2021-38472
CVSS v3.1: 4.7 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
InHand Networks IR615 Router versions 2.3.0.r4724 through 2.3.0.r4870
Description
The management portal of the affected router does not send an X-FRAME-OPTIONS header. An attacker could exploit this by sending an administrator a link to a page that frames the router's management portal, potentially luring the administrator into making changes.
Recommendations
For versions 2.3.0.r4724 and 2.3.0.r4870, consider disabling access to the management portal until a patch is available that includes the X-FRAME-OPTIONS header.
Restrict access to the management portal to minimize the risk of exploitation.
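One way to check whether a management portal's responses carry the anti-framing protection described above, as an added example that is not code from InHand Networks or from this advisory. The function names and sample headers are constructed for illustration, and the check goes beyond the advisory by also accepting an enforced CSP frame-ancestors directive.

```python
# Added example: classify the anti-framing headers of an HTTP response.
PERMISSIVE = {"*", "http:", "https:"}  # sources that let any site frame the page

def frame_ancestors(policy):
    """Return the frame-ancestors source list of one CSP policy, or None."""
    for directive in policy.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]  # empty list means 'none'
    return None

def framing_protection(headers):
    """headers: (name, value) pairs as received, duplicates kept.
    Returns (protected, reason)."""
    xfo, ancestors = [], []
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            xfo += [v.strip().upper() for v in value.split(",") if v.strip()]
        elif key == "content-security-policy":  # Report-Only is not enforced
            for policy in value.split(","):
                sources = frame_ancestors(policy)
                if sources is not None:
                    ancestors.append(sources)
    if ancestors:  # an enforced frame-ancestors makes browsers ignore XFO
        strict = [s for s in ancestors if not PERMISSIVE.intersection(s)]
        if strict:
            return True, "CSP frame-ancestors " + (" ".join(strict[0]) or "'none'")
        return False, "CSP frame-ancestors allows any origin"
    valid = sorted({"DENY", "SAMEORIGIN"}.intersection(xfo))
    if valid:
        return True, "X-Frame-Options " + "/".join(valid)
    if xfo:  # e.g. the obsolete ALLOW-FROM, which current browsers ignore
        return False, "X-Frame-Options value not honoured: " + ", ".join(xfo)
    return False, "no X-Frame-Options or CSP frame-ancestors header"

# Constructed sample responses (not captured from a real device).
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "sameorigin": [("x-frame-options", "SAMEORIGIN")],
    "csp none": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_protection(hdrs))
```

Feed it the header pairs of the portal's login and configuration pages after a firmware update to confirm the fix is present on every framed-capable response.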
Fix
Clickjacking
Weakness Enumeration
Related Identifiers
Affected Products
Ir615 Router