CVE-2021-38474

Name of the Vulnerable Software and Affected Versions InHand Networks IR615 Router versions 2.3.0.r4724 through 2.3.0.r4870

Description The issue is related to the absence of an account lockout policy for the login page, which may allow an attacker to perform a brute-force password attack without time limitations, potentially gaining valid credentials for the product interface.

Recommendations For versions 2.3.0.r4724 and 2.3.0.r4870, consider implementing an account lockout policy to limit the number of incorrect login attempts to prevent brute-force password attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.