7.4
CVE-2021-38464
- EPSS 0.04%
- Veröffentlicht 19.10.2021 13:15:10
- Zuletzt bearbeitet 21.11.2024 06:17:10
- Quelle ics-cert@hq.dhs.gov
- CVE-Watchlists
- Unerledigt
LoginInHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 have inadequate encryption strength, which may allow an attacker to intercept the communication and steal sensitive information or hijack the session.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Inhandnetworks ≫ Ir615 Firmware Version2.3.0.r4724
Inhandnetworks ≫ Ir615 Firmware Version2.3.0.r4870
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.078 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.4 | 2.2 | 5.2 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
| ics-cert@hq.dhs.gov | 6.4 | 1.2 | 5.2 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-326 Inadequate Encryption Strength
The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.