CVE-2018-11094

An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.

Published : 2018-05-15 19:29 Updated : 2018-06-22 16:20

10.0
CVSS Score More info
Score 10.0 / 10
10.0
Vendor Product Version URI
Intelbras Ncloud 300 Firmware 1.0 cpe:/o:intelbras:ncloud_300_firmware:1.0
  1. Intelbras (1) Search CVE
    1. Ncloud 300 Firmware (1) Search CVE
      1. 1.0

CWE

ID Name Description Links
CWE-798 Use of Hard-coded Credentials The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. CVE

History of changes

Date Event
2018-06-22 16:20
2018-05-20 01:29
2018-05-15 19:29

New CVE