Vulnerabilities (CVE)

Filtered by vendor Intelbras Subscribe
Total 36 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-9010 1 Intelbras 4 Tip200, Tip200 Firmware, Tip200lite and 1 more 2024-11-21 4.0 MEDIUM 7.2 HIGH
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password.
CVE-2018-17337 1 Intelbras 2 Nplug, Nplug Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast.
CVE-2018-12456 1 Intelbras 2 Nplug, Nplug Firmware 2024-11-21 6.8 MEDIUM 8.8 HIGH
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
CVE-2018-12455 1 Intelbras 2 Nplug, Nplug Firmware 2024-11-21 9.3 HIGH 8.1 HIGH
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
CVE-2018-11094 1 Intelbras 2 Ncloud 300, Ncloud 300 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
CVE-2018-10369 1 Intelbras 2 Win 240, Win 240 Firmware 2024-11-21 10.0 HIGH 9.8 CRITICAL
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.
CVE-2017-14942 1 Intelbras 2 Wrn 150, Wrn 150 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
CVE-2017-14219 1 Intelbras 2 Wrn 240, Wrn 240 Firmware 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command.
CVE-2024-9325 1 Intelbras 1 Incontrol Web 2024-11-04 6.8 MEDIUM 7.8 HIGH
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
CVE-2024-9324 1 Intelbras 1 Incontrol Web 2024-11-04 6.5 MEDIUM 8.8 HIGH
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
CVE-2024-6080 1 Intelbras 1 Incontrol 2024-11-04 6.8 MEDIUM 7.8 HIGH
A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.
CVE-2023-6103 1 Intelbras 2 Rx 1500, Rx 1500 Firmware 2024-05-17 3.3 LOW 5.4 MEDIUM
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-22773 1 Intelbras 2 Action Rf 1200, Action Rf 1200 Firmware 2024-04-29 N/A 8.1 HIGH
Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.
CVE-2023-36144 1 Intelbras 2 Sg 2404 Mr, Sg 2404 Mr Firmware 2024-02-28 N/A 7.5 HIGH
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
CVE-2022-43308 1 Intelbras 4 Sg 2404 Mr, Sg 2404 Mr Firmware, Sg 2404 Poe and 1 more 2024-02-28 N/A 7.8 HIGH
INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.
CVE-2022-40005 1 Intelbras 2 Wifiber 120ac Inmesh, Wifiber 120ac Inmesh Firmware 2024-02-28 N/A 8.8 HIGH
Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
CVE-2022-24654 1 Intelbras 2 Ata 200, Ata 200 Firmware 2024-02-28 N/A 5.4 MEDIUM
Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.
CVE-2021-3017 1 Intelbras 4 Win 300, Win 300 Firmware, Wrn 342 and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
CVE-2021-32402 1 Intelbras 2 Rf 301k, Rf 301k Firmware 2024-02-28 6.8 MEDIUM 8.8 HIGH
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.
CVE-2020-24285 1 Intelbras 4 Tip200, Tip200 Firmware, Tip200lite and 1 more 2024-02-28 5.0 MEDIUM 7.5 HIGH
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.