QSearchQSearch

CVE-2021-38484

9.1 CRITICAL

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an uploa...

Published: 2021-10-19 · Last updated: 2026-06-17

Severity and scoring

CVSS
9.1 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CWE
CWE-434

Affected products

VendorProduct
inhandnetworksir615_firmware

Description

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not have a filter or signature check to detect or prevent an upload of malicious files to the server, which may allow an attacker, acting as an administrator, to upload malicious files. This could result in cross-site scripting, deletion of system files, and remote code execution.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-38707 A command injection vulnerability exists in the IPSec VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118, IR... (9.8 CRITICAL)
  • CVE-2026-38704 A command injection vulnerability exists in the WireGuard VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118... (9.8 CRITICAL)
  • CVE-2026-38703 A command injection vulnerability exists in the ZeroTier VPN feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118,... (9.8 CRITICAL)
  • CVE-2026-38702 A command injection vulnerability exists in the Admin Access feature of InHand Networks IR302 firmware V3.5.108, IR305 firmware V1.0.118,... (9.8 CRITICAL)
  • CVE-2021-38486 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product wit... (8.0 HIGH)

Same CWE

  • CVE-2026-40750 Unrestricted Upload of File with Dangerous Type vulnerability in themagnifico52 Kids Online Store allows Upload a Web Shell to a Web Server (9.9 CRITICAL)
  • CVE-2026-6933 The Premmerce Dev Tools plugin for WordPress is vulnerable to Remote Code Execution via missing authorization in versions up to and inclu... (8.8 HIGH)
  • CVE-2026-40772 Unauthenticated Arbitrary File Upload in GeekyBot <= 1.2.2 versions (10.0 CRITICAL)
  • CVE-2026-39591 Subscriber Arbitrary File Upload in WP-BusinessDirectory <= 4.0.0 versions (9.9 CRITICAL)
  • CVE-2026-39527 Subscriber Arbitrary File Upload in WpStream < 4.11.2 versions (5.4 MEDIUM)