First published: Tue May 15 2018(Updated: )
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Intelbras Ncloud 300 Firmware | =1.0 | |
Intelbras NCLOUD 300 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-11094 is a vulnerability found in Intelbras NCLOUD 300 1.0 devices that allows unauthorized access to certain endpoints.
CVE-2018-11094 has a severity rating of 9.8 (Critical).
CVE-2018-11094 affects Intelbras NCLOUD 300 1.0 firmware.
No, only the Intelbras NCLOUD 300 1.0 devices with specific firmware versions are vulnerable to CVE-2018-11094.
Unfortunately, there is no known fix or patch available for CVE-2018-11094 at this time. It is recommended to implement other security measures to mitigate the vulnerability.