CVE-2021-38466

Summary

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser.

Affected Software

VendorProductVersion RangeStatus
InHand NetworksIR615 Router2.3.0.r4724 and 2.3.0.r4870affected

Weaknesses

  • CWE-79: IMPROPER NEUTRALIZATION OF INPUT DURING WEB PAGE GENERATION ('CROSS-SITE SCRIPTING') CWE-79

Workarounds

InHand Networks has not responded to requests to work with CISA to mitigate these vulnerabilities. Users of this affected product are invited to contact InHand Networks customer support.

ADP Enrichment

CVE Program Container

Additional References

References