Latest Intelbras Vulnerabilities

CVE-2024-22773
Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.
Intelbras Action Rf 1200 Firmware=1.2.2
Intelbras Action RF 1200
CVE-2023-6103
Intelbras RX 1500 SSID WiFi.html cross site scripting
Intelbras Rx 1500 Firmware=1.1.9
Intelbras RX 1500
CVE-2023-36144
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device...
Intelbras Sg 2404 Mr Firmware=1.00.54
INTELBRAS SG 2404 MR
CVE-2022-40005
Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
Intelbras Wifiber 120ac Inmesh Firmware>=1.1-220216<1.1-220826
Intelbras WiFiber 120AC inMesh
CVE-2022-43308
INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.
Intelbras Sg 2404 Poe Firmware
Intelbras Sg 2404 Poe
Intelbras Sg 2404 Mr Firmware
INTELBRAS SG 2404 MR
CVE-2022-24654
Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted pay...
INTELBRAS ATA 200 Firmware=74.19.10.21
INTELBRAS ATA 200
CVE-2021-32402
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.
Intelbras Rf 301k Firmware=1.1.2
Intelbras Rf 301k
CVE-2021-32403
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
Intelbras Rf 301k Firmware=1.1.2
Intelbras Rf 301k
CVE-2021-3017
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.
<=2021-01-04
<=2021-01-04
CVE-2020-24285
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
Intelbras Tip200 Firmware=60.61.75.22
Intelbras TIP200
Intelbras Tip200lite Firmware=60.61.75.22
Intelbras Tip200lite
CVE-2020-13886
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
=60.61.75.15
=60.61.75.15
=65.61.75.22
CVE-2020-8829
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis.
Intelbras Cip 92200 Firmware
Intelbras CIP 92200
CVE-2019-19517
Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process.
Intelbras Action Rf 1200 Firmware=1.1.3
Intelbras Action RF 1200
CVE-2019-19142
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
Intelbras Wrn 240 Firmware=2.0.0
Intelbras Wrn 240
CVE-2019-20004
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client ...
Intelbras Iwr 3000n Firmware=1.8.7
Intelbras IWR 3000N
CVE-2019-19995
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.
Intelbras Iwr 3000n Firmware=1.8.7
Intelbras IWR 3000N
CVE-2019-19516
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
Intelbras Wrn 150 Firmware=1.0.18
Intelbras WRN 150
CVE-2019-17222
An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the config...
Intelbras Wrn 150 Firmware=1.0.17
Intelbras WRN 150
CVE-2019-17600
Intelbras Iwr 1000n Firmware=1.6.4
Intelbras IWR 1000N
CVE-2019-11415
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} st...
Intelbras Iwr 3000n Firmware=1.5.0
Intelbras IWR 3000N
CVE-2019-11414
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client ...
Intelbras Iwr 3000n Firmware=1.5.0
Intelbras IWR 3000N
CVE-2019-11416
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
Intelbras Iwr 3000n Firmware=1.5.0
Intelbras IWR 3000N
CVE-2018-17337
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast.
Intelbras Nplug Firmware=1.0.0.14
Intelbras NPLUG
CVE-2018-12456
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, e...
Intelbras Nplug Firmware=1.0.0.14
Intelbras NPLUG
CVE-2018-12455
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
Intelbras Nplug Firmware=1.0.0.14
Intelbras NPLUG
CVE-2018-10369
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.
Intelbras Win 240 Firmware=1.1.0
Intelbras Win 240
CVE-2018-11094
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For exampl...
Intelbras Ncloud 300 Firmware=1.0
Intelbras NCLOUD 300

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203