An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
References
Link | Resource |
---|---|
https://blog.kos-lab.com/Hello-World/ | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/44637/ | Exploit Third Party Advisory VDB Entry |
https://blog.kos-lab.com/Hello-World/ | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/44637/ | Exploit Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
History
21 Nov 2024, 03:42
Type | Values Removed | Values Added |
---|---|---|
References | () https://blog.kos-lab.com/Hello-World/ - Exploit, Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/44637/ - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2018-05-15 19:29
Updated : 2024-11-21 03:42
NVD link : CVE-2018-11094
Mitre link : CVE-2018-11094
CVE.ORG link : CVE-2018-11094
JSON object : View
Products Affected
intelbras
- ncloud_300_firmware
- ncloud_300
CWE
CWE-798
Use of Hard-coded Credentials