InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have has no account lockout policy configured for the login page of the product. This may allow an attacker to execute a brute-force password attack with no time limitation and without harming the normal operation of the user. This could allow an attacker to gain valid credentials for the product interface.
References
Link | Resource |
---|---|
https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05 | Third Party Advisory US Government Resource |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: icscert
Published: 2021-10-07T00:00:00
Updated: 2021-10-19T12:10:01
Reserved: 2021-08-10T00:00:00
Link: CVE-2021-38474
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-10-19T13:15:11.177
Modified: 2021-10-22T14:47:31.103
Link: CVE-2021-38474
JSON object: View
Redhat Information
No data.
CWE