CVE-2021-38468 HIGH

CVE-2021-38468: InHand Networks IR615 Router

Vendor Inhand Networks

Product IR615 Router

Weakness CWE-79 · XSS

Published October 19, 2021

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system.

Key dates

02Disclosure timeline

October 19, 2021 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-38468 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-5314 Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer <= 2.3.65 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source' CVE-2023-6500 Shariff Wrapper <= 4.6.9 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-50822 WordPress Currency Converter Widget Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS) CVE-2025-11928 CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Admin+) Stored Cross-Site Scripting CVE-2025-0175 code-projects Online Shop view.php cross site scripting