PT-2021-22155 · Inhand Networks · Inhand Networks Ir615 Router

Published: 2021-10-19 · Updated: 2021-10-22 · CVE-2021-38480

CVSS v3.1: 9.6 (Critical)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: InHand Networks IR615 Router versions 2.3.0.r4724 through 2.3.0.r4870
Description: The issue allows an attacker to perform cross-site request forgery, in which unauthorized commands are submitted from a trusted user, enabling remote actions on the router's management portal. These actions include making configuration changes, changing administrator credentials, and running system commands on the router.
Recommendations: For versions 2.3.0.r4724 and 2.3.0.r4870, as a temporary workaround, consider restricting access to the management portal to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

CSRF

Weakness Enumeration

Related Identifiers

CVE-2021-38480

Affected Products

Inhand Networks Ir615 Router