Filtered by vendor Intelbras
Subscribe
Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-19007 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600. | |||||
CVE-2019-17600 | 1 Intelbras | 2 Iwr 1000n, Iwr 1000n Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled. | |||||
CVE-2019-17222 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | |||||
CVE-2019-11416 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user. | |||||
CVE-2019-11415 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. | |||||
CVE-2019-11414 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. | |||||
CVE-2018-9010 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2024-11-21 | 4.0 MEDIUM | 7.2 HIGH |
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. | |||||
CVE-2018-17337 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. | |||||
CVE-2018-12456 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access. | |||||
CVE-2018-12455 | 1 Intelbras | 2 Nplug, Nplug Firmware | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. | |||||
CVE-2018-11094 | 1 Intelbras | 2 Ncloud 300, Ncloud 300 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved. | |||||
CVE-2018-10369 | 1 Intelbras | 2 Win 240, Win 240 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. | |||||
CVE-2017-14942 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. | |||||
CVE-2017-14219 | 1 Intelbras | 2 Wrn 240, Wrn 240 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command. | |||||
CVE-2024-9325 | 1 Intelbras | 1 Incontrol Web | 2024-11-04 | 6.8 MEDIUM | 7.8 HIGH |
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. | |||||
CVE-2024-9324 | 1 Intelbras | 1 Incontrol Web | 2024-11-04 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. |