CVE-2021-38476

InHand Networks IR615 Router

CVSS 6.5 MEDIUM | EPSS 0.7% | CWE-204
In short

The IR615 Router reveals whether a username exists based on how it responds during login attempts. An attacker can use this to discover valid user accounts on the device.

Technical detail

The authentication mechanism has a user enumeration vulnerability: its responses differ depending on whether the submitted username exists (CWE-204). An unauthenticated attacker can probe the login endpoint and determine valid usernames from those differences, which facilitates targeted credential attacks.

Summary generated and translated by AI from the official description.
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. This may allow an attacker to enumerate different user accounts.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
