ICSA-21-280-05 · Published 2021-11-30 · View on CISA ICS-CERT ↗

InHand Networks IR615 Router (Update A)

CVSS 9.8 CRITICAL

Risk Summary

Successful exploitation of these vulnerabilities may allow an attacker to have full control over the product, remotely perform actions on the product, intercept communication and steal sensitive information, session hijacking, and successful brute-force against user passwords. Additional successful exploitation may allow for the uploading of malicious files, deletion of system files, execution of remote code, and enumeration of user accounts and passwords.

CVEs (13)

CVE-2021-38472 CVE-2021-38486 CVE-2021-38480 CVE-2021-38464 CVE-2021-38474 CVE-2021-38484 CVE-2021-38466 CVE-2021-38470 CVE-2021-38478 CVE-2021-38482 CVE-2021-38468 CVE-2021-38476 CVE-2021-38462

Remediations

InHand Networks recommends users upgrade to version InRouter6XX-S-V2.3.0.r5484 or later.
For additional information, please refer to InHand's Product Security Advisory InHand-PSA-2021-01

Affected Vendors

InHand Networks

Affected Products (1)

InHand Networks · IR615 Router <= 2.3.0.r5417

Affected Sectors

Multiple

Get alerted to advisories like this

OTWarden monitors CISA, BSI, Siemens, Rockwell and more — and emails you within 2 hours when your vendors are affected.

Start free trial Learn more