Details of VAR-202110-0966

ID

VAR-202110-0966

CVE

CVE-2021-38462

TITLE

InHand Networks IR615 Router Vulnerability in requesting weak passwords in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013902

DESCRIPTION

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf. InHand Networks IR615 Router contains a weak password requirement vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Ruimu Technology IR615 Router is a 4G industrial router of China Ruimu Technology Company. IR615 Router has a security vulnerability

Trust: 2.25

sources: NVD: CVE-2021-38462 // JVNDB: JVNDB-2021-013902 // CNVD: CNVD-2021-82943 // VULMON: CVE-2021-38462

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-82943

AFFECTED PRODUCTS

vendor:	inhandnetworks	model:	ir615	scope:	eq	version:	2.3.0.r4724	Trust: 1.0
vendor:	inhandnetworks	model:	ir615	scope:	eq	version:	2.3.0.r4870	Trust: 1.0
vendor:	inhand	model:	ir615	scope:	eq	version:	ir615 firmware 2.3.0.r4724	Trust: 0.8
vendor:	inhand	model:	ir615	scope:	eq	version:	ir615 firmware 2.3.0.r4870	Trust: 0.8
vendor:	inhand	model:	ir615	scope:	eq	version:	-	Trust: 0.8
vendor:	ruimu	model:	ir615 router 2.3.0.r4724	scope:	-	version:	-	Trust: 0.6
vendor:	ruimu	model:	ir615 router 2.3.0.r4870	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-82943 // JVNDB: JVNDB-2021-013902 // NVD: CVE-2021-38462

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-38462
value:	CRITICAL
Trust: 1.0
ics-cert@hq.dhs.gov:	CVE-2021-38462
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-38462
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2021-82943
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202110-390
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2021-38462
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-38462
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-82943
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-38462
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-013902
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-82943 // VULMON: CVE-2021-38462 // JVNDB: JVNDB-2021-013902 // CNNVD: CNNVD-202110-390 // NVD: CVE-2021-38462 // NVD: CVE-2021-38462

PROBLEMTYPE DATA

problemtype:	CWE-521	Trust: 1.0
problemtype:	Weak password request (CWE-521) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-013902 // NVD: CVE-2021-38462

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-390

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-390

PATCH

title:	Top Page	url:	https://www.inhandnetworks.com/	Trust: 0.8
title:	IR615 Router Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=165061	Trust: 0.6

sources: JVNDB: JVNDB-2021-013902 // CNNVD: CNNVD-202110-390

EXTERNAL IDS

db:	NVD	id:	CVE-2021-38462	Trust: 3.9
db:	ICS CERT	id:	ICSA-21-280-05	Trust: 3.1
db:	JVN	id:	JVNVU94119363	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-013902	Trust: 0.8
db:	CNVD	id:	CNVD-2021-82943	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.3346	Trust: 0.6
db:	CS-HELP	id:	SB2021100808	Trust: 0.6
db:	CNNVD	id:	CNNVD-202110-390	Trust: 0.6
db:	VULMON	id:	CVE-2021-38462	Trust: 0.1

sources: CNVD: CNVD-2021-82943 // VULMON: CVE-2021-38462 // JVNDB: JVNDB-2021-013902 // CNNVD: CNNVD-202110-390 // NVD: CVE-2021-38462

REFERENCES

url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-280-05	Trust: 2.9
url:	https://jvn.jp/vu/jvnvu94119363/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-38462	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-21-280-05	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3346	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021100808	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/521.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-82943 // VULMON: CVE-2021-38462 // JVNDB: JVNDB-2021-013902 // CNNVD: CNNVD-202110-390 // NVD: CVE-2021-38462

CREDITS

Ofir Manzur, and Nikolay Sokolik of OTORIO reported these vulnerabilities to CISA., Hay Mizrachi,Haviv Vaizman, Alik Koldobsky

Trust: 0.6

sources: CNNVD: CNNVD-202110-390

SOURCES

db:	CNVD	id:	CNVD-2021-82943
db:	VULMON	id:	CVE-2021-38462
db:	JVNDB	id:	JVNDB-2021-013902
db:	CNNVD	id:	CNNVD-202110-390
db:	NVD	id:	CVE-2021-38462

LAST UPDATE DATE

2024-08-14T13:43:18.021000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-82943	date:	2021-11-03T00:00:00
db:	VULMON	id:	CVE-2021-38462	date:	2021-10-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-013902	date:	2022-09-29T06:41:00
db:	CNNVD	id:	CNNVD-202110-390	date:	2021-10-25T00:00:00
db:	NVD	id:	CVE-2021-38462	date:	2021-10-22T15:06:37.917

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-82943	date:	2021-10-12T00:00:00
db:	VULMON	id:	CVE-2021-38462	date:	2021-10-19T00:00:00
db:	JVNDB	id:	JVNDB-2021-013902	date:	2022-09-29T00:00:00
db:	CNNVD	id:	CNNVD-202110-390	date:	2021-10-07T00:00:00
db:	NVD	id:	CVE-2021-38462	date:	2021-10-19T13:15:10.833