CVE-2024-9325

A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
Configurations

Configuration 1 (hide)

cpe:2.3:a:intelbras:incontrol_web:*:*:*:*:*:*:*:*

History

04 Nov 2024, 19:15

Type Values Removed Values Added
Summary (en) A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. (en) A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
References
  • () https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf -
  • () https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe -
CWE CWE-426

07 Oct 2024, 16:06

Type Values Removed Values Added
References () https://vuldb.com/?ctiid.278829 - () https://vuldb.com/?ctiid.278829 - Permissions Required
References () https://vuldb.com/?id.278829 - () https://vuldb.com/?id.278829 - Permissions Required
References () https://vuldb.com/?submit.385397 - () https://vuldb.com/?submit.385397 - Exploit, Third Party Advisory
First Time Intelbras incontrol Web
Intelbras
CPE cpe:2.3:a:intelbras:incontrol_web:*:*:*:*:*:*:*:*

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) Se ha detectado una vulnerabilidad clasificada como crítica en Intelbras InControl hasta la versión 2.21.56. Afecta a una parte desconocida del archivo C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. La manipulación conduce a una ruta de búsqueda sin comillas. Es posible lanzar el ataque en el host local. El proveedor fue informado de este problema el 5 de agosto de 2024. El lanzamiento de una versión corregida 2.21.58 se anunció para fines de agosto de 2024, pero luego se pospuso hasta el 20 de septiembre de 2024.

29 Sep 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-29 08:15

Updated : 2024-11-04 19:15


NVD link : CVE-2024-9325

Mitre link : CVE-2024-9325

CVE.ORG link : CVE-2024-9325


JSON object : View

Products Affected

intelbras

  • incontrol_web
CWE
CWE-426

Untrusted Search Path

CWE-428

Unquoted Search Path or Element