Vulnerabilities (CVE)

Vendor filter

Intelbras Subscribe

Filter

12 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17600 1 Intelbras 1 Iwr 1000n Firmware 2019-10-15 10.0
Intelbras IWR 1000N 1.6.4 devices allows disclosure of the administrator login name and password because v1/system/user is mishandled.
CVE-2017-14942 1 Intelbras 1 Wrn 150 Firmware 2019-10-03 7.5
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.
CVE-2018-10369 1 Intelbras 1 Win 240 Firmware 2019-10-03 10.0
A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.
CVE-2019-11415 1 Intelbras 1 Iwr 3000n Firmware 2019-05-10 7.8
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
CVE-2019-11416 1 Intelbras 1 Iwr 3000n Firmware 2019-05-06 9.3
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
CVE-2019-11414 1 Intelbras 1 Iwr 3000n Firmware 2019-04-22 4.3
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete...
CVE-2018-12455 1 Intelbras 1 Nplug Firmware 2018-11-28 9.3
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
CVE-2018-12456 1 Intelbras 1 Nplug Firmware 2018-11-28 6.8
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating...
CVE-2018-17337 1 Intelbras 1 Nplug Firmware 2018-11-28 4.3
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast.
CVE-2018-11094 1 Intelbras 1 Ncloud 300 Firmware 2018-06-22 10.0
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to...
CVE-2018-9010 1 Intelbras 1 Telefone Ip Firmware 2018-04-20 5.0
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the...
CVE-2017-14219 1 Intelbras 1 Wrn 240 Firmware 2017-09-19 4.3
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm....