Filtered by vendor Intelbras
Subscribe
Search
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17600 | 1 Intelbras | 2 Iwr 1000n, Iwr 1000n Firmware | 2019-11-16 | 10.0 HIGH | 9.8 CRITICAL |
| Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled. | |||||
| CVE-2017-14942 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. | |||||
| CVE-2018-10369 | 1 Intelbras | 2 Win 240, Win 240 Firmware | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login. | |||||
| CVE-2018-11094 | 1 Intelbras | 2 Ncloud 300, Ncloud 300 Firmware | 2018-06-22 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved. | |||||