Filtered by vendor Intelbras
Subscriptions
Total
33 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6103 | 1 Intelbras | 2 Rx 1500, Rx 1500 Firmware | 2024-05-17 | 5.4 Medium |
| A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-22773 | 1 Intelbras | 2 Action Rf 1200, Action Rf 1200 Firmware | 2024-04-29 | 8.1 High |
| Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. | ||||
| CVE-2017-14219 | 1 Intelbras | 2 Wrn 240, Wrn 240 Firmware | 2024-02-14 | N/A |
| XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command. | ||||
| CVE-2017-14942 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-02-14 | N/A |
| Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. | ||||
| CVE-2019-20004 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2023-11-07 | 8.8 High |
| An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. | ||||
| CVE-2019-19996 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2023-11-07 | 7.5 High |
| An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. | ||||
| CVE-2019-19995 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2023-11-07 | 8.8 High |
| A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user. | ||||
| CVE-2019-19007 | 1 Intelbras | 2 Iwr 3000n, Iwr 3000n Firmware | 2023-11-07 | 7.2 High |
| Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600. | ||||
| CVE-2018-10369 | 1 Intelbras | 2 Win 240, Win 240 Firmware | 2023-11-07 | N/A |
| A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. | ||||
| CVE-2023-36144 | 1 Intelbras | 2 Sg 2404 Mr, Sg 2404 Mr Firmware | 2023-07-10 | 7.5 High |
| An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. | ||||
| CVE-2019-19142 | 1 Intelbras | 2 Wrn 240, Wrn 240 Firmware | 2023-02-01 | 7.5 High |
| Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI. | ||||
| CVE-2022-40005 | 1 Intelbras | 2 Wifiber 120ac Inmesh, Wifiber 120ac Inmesh Firmware | 2023-01-05 | 8.8 High |
| Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. | ||||
| CVE-2022-43308 | 1 Intelbras | 4 Sg 2404 Mr, Sg 2404 Mr Firmware, Sg 2404 Poe and 1 more | 2022-11-23 | 7.8 High |
| INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. | ||||
| CVE-2022-24654 | 1 Intelbras | 2 Ata 200, Ata 200 Firmware | 2022-10-26 | 5.4 Medium |
| Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. | ||||
| CVE-2020-12262 | 1 Intelbras | 6 Tip200, Tip200 Firmware, Tip200lite and 3 more | 2022-08-06 | 5.4 Medium |
| Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. | ||||
| CVE-2020-13886 | 1 Intelbras | 6 Tip200, Tip200 Firmware, Tip200lite and 3 more | 2022-08-06 | 5.3 Medium |
| Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal. | ||||
| CVE-2021-32403 | 1 Intelbras | 2 Rf 301k, Rf 301k Firmware | 2022-01-01 | 8.8 High |
| Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules. | ||||
| CVE-2018-9010 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2021-09-09 | 7.2 High |
| Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. | ||||
| CVE-2020-24285 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2021-09-09 | 7.5 High |
| INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. | ||||
| CVE-2021-32402 | 1 Intelbras | 2 Rf 301k, Rf 301k Firmware | 2021-05-25 | 8.8 High |
| Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules. | ||||