CVSS: 8.5EPSS: 0%CPEs: 57EXPL: 0CVE-2024-9325 – Intelbras InControl incontrol-service-watchdog.exe unquoted search path
https://notcve.org/view.php?id=CVE-2024-9325
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. • https://vuldb.com/?ctiid.278829 https://vuldb.com/?id.278829 https://vuldb.com/?submit.385397 https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe • CWE-426: Untrusted Search Path CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 58EXPL: 0CVE-2024-9324 – Intelbras InControl Relatório de Operadores Page operador code injection
https://notcve.org/view.php?id=CVE-2024-9324
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. • https://vuldb.com/?ctiid.278828 https://vuldb.com/?id.278828 https://vuldb.com/?submit.375614 https://youtu.be/UdZVktPUy8A https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-707: Improper Neutralization •