CVE-2021-38476

Name of the Vulnerable Software and Affected Versions InHand Networks IR615 Router versions 2.3.0.r4724 through 2.3.0.r4870

Description The authentication process in the affected router versions indicates and validates the existence of a username in its response. This behavior may allow an attacker to enumerate different user accounts by analyzing the responses to authentication attempts.

Recommendations For versions 2.3.0.r4724 through 2.3.0.r4870, consider modifying the authentication process to prevent it from indicating the existence of usernames, or restrict access to the authentication endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.