
CVSS: 6.1 • EPSS: 0% • CPEs: 2 • EXPL: 1

Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. NPLUG Wireless Repeater version 1.0.0.14 suffers from authentication bypass, cross-site request forgery, and cross-site scripting vulnerabilities. • http://seclists.org/fulldisclosure/2018/Oct/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 0% • CPEs: 2 • EXPL: 0

A cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the admin password without logging in. • https://medium.com/%40julianpedrobraga/router-hacking-destrinchando-o-elo-mais-fraco-de-uma-rede-4d0e7fcfbd9e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 10.0 • EPSS: 7% • CPEs: 2 • EXPL: 2

An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved. • https://www.exploit-db.com/exploits/44637 • https://blog.kos-lab.com/Hello-World • CWE-798: Use of Hard-coded Credentials

CVSS: 7.2 • EPSS: 0% • CPEs: 4 • EXPL: 1

Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password. • https://www.exploit-db.com/exploits/44317 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 7% • CPEs: 2 • EXPL: 2

Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. • http://whiteboyz.xyz/authentication-bypass-intelbras-wrn-150.html • https://www.exploit-db.com/exploits/42916 • CWE-552: Files or Directories Accessible to External Parties