CVE-2024-9325 – Intelbras InControl incontrol-service-watchdog.exe unquoted search path
https://notcve.org/view.php?id=CVE-2024-9325
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. • https://vuldb.com/?ctiid.278829 https://vuldb.com/?id.278829 https://vuldb.com/?submit.385397 • CWE-428: Unquoted Search Path or Element •
CVE-2024-9324 – Intelbras InControl Relatório de Operadores Page operador code injection
https://notcve.org/view.php?id=CVE-2024-9324
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. • https://vuldb.com/?ctiid.278828 https://vuldb.com/?id.278828 https://vuldb.com/?submit.375614 https://youtu.be/UdZVktPUy8A • CWE-94: Improper Control of Generation of Code ('Code Injection') •