CVE-2021-32402
https://notcve.org/view.php?id=CVE-2021-32402
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules. Intelbras Router RF 301K Firmware versión 1.1.2, es vulnerable a un ataque de tipo Cross Site Request Forgery (CSRF) debido a una falta de comprobación y configuraciones no seguras en entradas y módulos • https://www.youtube.com/watch?v=X2cU9MBN2Ys • CWE-352: Cross-Site Request Forgery (CSRF) •
CVE-2021-3017
https://notcve.org/view.php?id=CVE-2021-3017
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code. La interfaz web en los dispositivos Intelbras WIN 300 y WRN 342 hasta el 04-01-2021, permite a atacantes remotos detectar credenciales mediante la lectura de la línea def_wirelesspassword en el código fuente HTML • https://pastebin.com/cTYTf0Yn https://www.intelbras.com/pt-br/ajuda-download/faq/roteador-wireless-veloz-wrn-342 •
CVE-2020-24285
https://notcve.org/view.php?id=CVE-2020-24285
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. INTELBRAS TELEFONE IP TIP200 versión 60.61.75.22, permite a un atacante obtener información confidencial por medio del archivo /cgi-bin/cgiServer.exx • http://intelbras.com https://github.com/SecLoop/CVE/blob/main/telefone_ip_tip200.md •
CVE-2020-12262
https://notcve.org/view.php?id=CVE-2020-12262
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. Los dispositivos Intelbras TIP200 versiones 60.61.75.15, TIP200LITE versiones 60.61.75.15 y TIP300 versiones 65.61.75.15, permiten un ataque de tipo XSS en /cgi-bin/cgiServer.exx?page= • https://blog.skullsec.com.br/CVE-2020-12262 https://lucxs.medium.com/cve-2020-12262-xss-voip-intelbras-d5697e31fbf6 https://www.youtube.com/watch?v=rihboOgiJRs • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2020-13886
https://notcve.org/view.php?id=CVE-2020-13886
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal. Los dispositivos Intelbras TIP 200 versiones 60.61.75.15, TIP 200 LITE versiones 60.61.75.15 y TIP 300 versiones 65.61.75.22, permiten un Salto de Directorio en cgi-bin/cgiServer.exx?page=. • https://github.com/Ls4ss/CVE-2020-13886 https://github.com/lucxssouza/CVE-2020-13886 https://lucxs.medium.com/cve-2020-13886-lfi-voip-intelbras-d30f27a39b22 https://www.youtube.com/watch?v=nNKBRx8IglI • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •