PT-2021-22158 · Inhand Networks · Inhand Networks Ir615 Router

Published: 2021-10-19 · Updated: 2021-10-22 · CVE-2021-38484

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: InHand Networks IR615 Router versions 2.3.0.r4724 through 2.3.0.r4870

Description: The issue allows an attacker, acting as an administrator, to upload malicious files to the server due to the lack of a filter or signature check. This could result in cross-site scripting, deletion of system files, and remote code execution.

Recommendations: For versions 2.3.0.r4724 and 2.3.0.r4870, consider restricting access to file upload functionality until a patch is available. As a temporary workaround, consider implementing additional server-side checks to detect and prevent malicious file uploads. Restrict administrator access to minimize the risk of exploitation.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2021-38484

Affected Products

Inhand Networks Ir615 Router