CVSS: 8.5EPSS: 0%CPEs: 57EXPL: 0CVE-2024-9325 – Intelbras InControl incontrol-service-watchdog.exe unquoted search path
https://notcve.org/view.php?id=CVE-2024-9325
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. • https://vuldb.com/?ctiid.278829 https://vuldb.com/?id.278829 https://vuldb.com/?submit.385397 https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe • CWE-426: Untrusted Search Path CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 58EXPL: 0CVE-2024-9324 – Intelbras InControl Relatório de Operadores Page operador code injection
https://notcve.org/view.php?id=CVE-2024-9324
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. • https://vuldb.com/?ctiid.278828 https://vuldb.com/?id.278828 https://vuldb.com/?submit.375614 https://youtu.be/UdZVktPUy8A https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-707: Improper Neutralization •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6080 – Intelbras InControl incontrolWebcam Service unquoted search path
https://notcve.org/view.php?id=CVE-2024-6080
A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.268822 https://vuldb.com/?id.268822 https://vuldb.com/?submit.353502 https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe • CWE-426: Untrusted Search Path CWE-428: Unquoted Search Path or Element •