36 results (0.002 seconds)

CVSS: 8.5EPSS: 0%CPEs: 57EXPL: 0

A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. • https://vuldb.com/?ctiid.278829 https://vuldb.com/?id.278829 https://vuldb.com/?submit.385397 https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe • CWE-426: Untrusted Search Path CWE-428: Unquoted Search Path or Element •

CVSS: 6.5EPSS: 0%CPEs: 58EXPL: 0

A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. • https://vuldb.com/?ctiid.278828 https://vuldb.com/?id.278828 https://vuldb.com/?submit.375614 https://youtu.be/UdZVktPUy8A https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-707: Improper Neutralization •

CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.268822 https://vuldb.com/?id.268822 https://vuldb.com/?submit.353502 https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe • CWE-426: Untrusted Search Path CWE-428: Unquoted Search Path or Element •

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 2

Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. Intelbras Roteador ACtion RF 1200 1.2.2 introduce la Contraseña en Cookie, lo que resulta en Omisión de Inicio de Sesión. • https://medium.com/%40wagneralves_87750/poc-cve-2024-22773-febf0d3a5433 https://www.intelbras.com/en/router-wi-fi-5-dual-band-ac-1200-action-rf-1200 https://www.intelbras.com/en/router-wi-fi-5-dual-band-ac-1200-with-giga-port-action-rg-1200 https://www.youtube.com/watch?v=-r0TWJq55DU&t=7s • CWE-922: Insecure Storage of Sensitive Information •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1

A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.245065 https://vuldb.com/?id.245065 https://www.youtube.com/watch?v=BFoGAuEGpvI • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •