Details of VAR-202110-0965

ID

VAR-202110-0965

CVE

CVE-2021-38464

TITLE

InHand Networks IR615 Router Cryptographic strength vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013901

DESCRIPTION

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session. InHand Networks IR615 Router There is a security level vulnerability in.Information may be obtained and information may be tampered with. Ruimu Technology IR615 Router is a 4G industrial router of China Ruimu Technology Company

Trust: 2.25

sources: NVD: CVE-2021-38464 // JVNDB: JVNDB-2021-013901 // CNVD: CNVD-2021-82952 // VULMON: CVE-2021-38464

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-82952

AFFECTED PRODUCTS

vendor:	inhandnetworks	model:	ir615	scope:	eq	version:	2.3.0.r4724	Trust: 1.0
vendor:	inhandnetworks	model:	ir615	scope:	eq	version:	2.3.0.r4870	Trust: 1.0
vendor:	inhand	model:	ir615	scope:	eq	version:	ir615 firmware 2.3.0.r4724	Trust: 0.8
vendor:	inhand	model:	ir615	scope:	eq	version:	ir615 firmware 2.3.0.r4870	Trust: 0.8
vendor:	inhand	model:	ir615	scope:	eq	version:	-	Trust: 0.8
vendor:	ruimu	model:	ir615 router 2.3.0.r4724	scope:	-	version:	-	Trust: 0.6
vendor:	ruimu	model:	ir615 router 2.3.0.r4870	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-82952 // JVNDB: JVNDB-2021-013901 // NVD: CVE-2021-38464

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38464
value:	HIGH
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-38464
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-38464
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2021-82952
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202110-399
value:	HIGH
Trust: 0.6
VULMON:	CVE-2021-38464
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-38464
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-82952
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-38464
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.2
impactScore:	5.2
version:	3.1
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-38464
baseSeverity:	MEDIUM
baseScore:	6.4
vectorString:	CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	1.2
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-38464
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-82952 // VULMON: CVE-2021-38464 // JVNDB: JVNDB-2021-013901 // CNNVD: CNNVD-202110-399 // NVD: CVE-2021-38464 // NVD: CVE-2021-38464

PROBLEMTYPE DATA

problemtype:	CWE-326	Trust: 1.0
problemtype:	Inappropriate cryptographic strength (CWE-326) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013901 // NVD: CVE-2021-38464

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-399

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-399

PATCH

title:	Top Page	url:	https://www.inhandnetworks.com/	Trust: 0.8
title:	IR615 Router Fixes for encryption problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=167079	Trust: 0.6

sources: JVNDB: JVNDB-2021-013901 // CNNVD: CNNVD-202110-399

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38464	Trust: 3.9
db:	ICS CERT	id:	ICSA-21-280-05	Trust: 3.1
db:	JVN	id:	JVNVU94119363	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-013901	Trust: 0.8
db:	CNVD	id:	CNVD-2021-82952	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3346	Trust: 0.6
db:	CS-HELP	id:	SB2021100808	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-399	Trust: 0.6
db:	VULMON	id:	CVE-2021-38464	Trust: 0.1

sources: CNVD: CNVD-2021-82952 // VULMON: CVE-2021-38464 // JVNDB: JVNDB-2021-013901 // CNNVD: CNNVD-202110-399 // NVD: CVE-2021-38464

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05	Trust: 2.9
url:	https://jvn.jp/vu/jvnvu94119363/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38464	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-280-05	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3346	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100808	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/326.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-82952 // VULMON: CVE-2021-38464 // JVNDB: JVNDB-2021-013901 // CNNVD: CNNVD-202110-399 // NVD: CVE-2021-38464

CREDITS

Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA., Hay Mizrachi,Haviv Vaizman, Alik Koldobsky

Trust: 0.6

sources: CNNVD: CNNVD-202110-399

SOURCES

db:	CNVD	id:	CNVD-2021-82952
db:	VULMON	id:	CVE-2021-38464
db:	JVNDB	id:	JVNDB-2021-013901
db:	CNNVD	id:	CNNVD-202110-399
db:	NVD	id:	CVE-2021-38464

LAST UPDATE DATE

2024-08-14T13:43:17.695000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-82952	date:	2021-11-03T00:00:00
db:	VULMON	id:	CVE-2021-38464	date:	2021-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-013901	date:	2022-09-29T06:38:00
db:	CNNVD	id:	CNNVD-202110-399	date:	2021-10-25T00:00:00
db:	NVD	id:	CVE-2021-38464	date:	2021-10-22T15:13:35.490

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-82952	date:	2021-10-12T00:00:00
db:	VULMON	id:	CVE-2021-38464	date:	2021-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-013901	date:	2022-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202110-399	date:	2021-10-07T00:00:00
db:	NVD	id:	CVE-2021-38464	date:	2021-10-19T13:15:10.893