
CVSS: 7.5 • EPSS: 3% • CPEs: 2 • EXPL: 1

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. • https://github.com/leonardobg/CVE-2023-36144 http://intelbras.com • CWE-862: Missing Authorization

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 2

Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute. Intelbras WiFiber 120AC inMesh version 1.1-220216 suffers from an authenticated command injection vulnerability. • https://cyberdanube.com/en/authenticated-command-injection-in-intelbras-wifiber-120ac-inmesh https://seclists.org/fulldisclosure/2022/Dec/13 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 1

INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies. • https://github.com/vitorespf/Advisories/blob/master/Intelbras-switch.txt https://www.intelbras.com/pt-br/switch-gerenciavel-24-portas-poe-gigabit-ethernet-sg-2404-poe • CWE-269: Improper Privilege Management

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 2

Authenticated stored cross-site scripting (XSS) vulnerability in the "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload. • https://github.com/leonardobg/CVE-2022-24654 http://intelbras.com https://packetstormsecurity.com/files/168064/Intelbras-ATA-200-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 2 • EXPL: 3

Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules. Intelbras Router RF 301K with firmware versions 1.1.2 through 1.1.5 suffers from a cross site request forgery vulnerability. • https://www.exploit-db.com/exploits/49969 http://packetstormsecurity.com/files/163023/Intelbras-Router-RF-301K-Cross-Site-Request-Forgery.html https://www.youtube.com/watch?v=1Ed-2xBFG3M • CWE-352: Cross-Site Request Forgery (CSRF)