Описание
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.
Ссылки
- Third Party AdvisoryUS Government Resource
- Third Party AdvisoryUS Government Resource
Уязвимые конфигурации
Конфигурация 1
Одновременно
cpe:2.3:o:inhandnetworks:ir615_firmware:2.3.0.r4724:*:*:*:*:*:*:*
cpe:2.3:h:inhandnetworks:ir615:-:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:o:inhandnetworks:ir615_firmware:2.3.0.r4870:*:*:*:*:*:*:*
cpe:2.3:h:inhandnetworks:ir615:-:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00222
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-521
CWE-521
Связанные уязвимости
github
больше 3 лет назад
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient password policy. This may allow an attacker with obtained user credentials to enumerate passwords and impersonate other application users and perform operations on their behalf.
EPSS
Процентиль: 45%
0.00222
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-521
CWE-521