Vulnerabilities > Intelbras

DATE CVE VULNERABILITY TITLE RISK
2024-09-29 CVE-2024-9325 Untrusted Search Path vulnerability in Intelbras Incontrol web
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56.
local
low complexity
intelbras CWE-426
7.8
2024-09-29 CVE-2024-9324 Improper Enforcement of Message or Data Structure vulnerability in Intelbras Incontrol web
A vulnerability was found in Intelbras InControl up to 2.21.57.
network
low complexity
intelbras CWE-707
8.8
2024-06-17 CVE-2024-6080 Unspecified vulnerability in Intelbras Incontrol 2.21.56
A vulnerability classified as critical was found in Intelbras InControl 2.21.56.
local
low complexity
intelbras
7.8
2024-02-06 CVE-2024-22773 Insecure Storage of Sensitive Information vulnerability in Intelbras Action RF 1200 Firmware 1.2.2
Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.
network
high complexity
intelbras CWE-922
8.1
2023-11-13 CVE-2023-6103 Unspecified vulnerability in Intelbras RX 1500 Firmware 1.1.9
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic.
network
low complexity
intelbras
5.4
2023-06-30 CVE-2023-36144 Missing Authorization vulnerability in Intelbras SG 2404 MR Firmware 1.00.54
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
network
low complexity
intelbras CWE-862
7.5
2022-12-25 CVE-2022-40005 OS Command Injection vulnerability in Intelbras Wifiber 120Ac Inmesh Firmware 1.1220216
Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
network
low complexity
intelbras CWE-78
8.8
2022-11-18 CVE-2022-43308 Improper Privilege Management vulnerability in Intelbras SG 2404 MR Firmware and SG 2404 POE Firmware
INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.
local
low complexity
intelbras CWE-269
7.8
2022-08-15 CVE-2022-24654 Cross-site Scripting vulnerability in Intelbras ATA 200 Firmware 74.19.10.21
Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.
network
low complexity
intelbras CWE-79
5.4
2021-05-17 CVE-2021-32402 Cross-Site Request Forgery (CSRF) vulnerability in Intelbras RF 301K Firmware 1.1.2
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.
network
low complexity
intelbras CWE-352
8.8