CVE-2021-38474

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.
References
Link Resource
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 Third Party Advisory US Government Resource
Configurations

Configuration 1


Information

Published : 2021-10-19 01:15

Updated : 2021-10-22 02:47


NVD link : CVE-2021-38474

Mitre link : CVE-2021-38474

Products Affected
No products.
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts