CVE-2021-38486

HIGH Year: 2021
CVSS v3 Score
8.5
High
CVSS v2 Score
6.0
Medium
Weakness Type
CWE-285
View all →

Vulnerability Description

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.

Related Vulnerabilities

CVE-2020-5240

HIGH
CVSS:8.5(High)

In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so. ...

CWE-2852020

CVE-2023-21505

HIGH
CVSS:8.6(High)

Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox.

CWE-2852023

CVE-2023-3037

HIGH
CVSS:8.6(High)

Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve persona...

CWE-2852023

CVE-2020-5232

HIGH
CVSS:8.7(High)

A user who owns an ENS domain can set a trapdoor, allowing them to transfer ownership to another user, and later regain ownership without the new owners consent or awareness. A new ENS deployment is b...

CWE-2852020

CVE-2024-47084

MEDIUM
CVSS:8.3(High)

Gradio is an open-source Python package designed for quick prototyping. This vulnerability is related to **CORS origin validation**, where the Gradio server fails to validate the request origin when a...

CWE-2852024