CVSS: 8.5EPSS: 0%CPEs: 57EXPL: 0CVE-2024-9325 – Intelbras InControl incontrol-service-watchdog.exe unquoted search path
https://notcve.org/view.php?id=CVE-2024-9325
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. • https://vuldb.com/?ctiid.278829 https://vuldb.com/?id.278829 https://vuldb.com/?submit.385397 • CWE-428: Unquoted Search Path or Element •
CVSS: 6.5EPSS: 0%CPEs: 58EXPL: 0CVE-2024-9324 – Intelbras InControl Relatório de Operadores Page operador code injection
https://notcve.org/view.php?id=CVE-2024-9324
A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. • https://vuldb.com/?ctiid.278828 https://vuldb.com/?id.278828 https://vuldb.com/?submit.375614 https://youtu.be/UdZVktPUy8A • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6080 – Intelbras InControl incontrolWebcam Service unquoted search path
https://notcve.org/view.php?id=CVE-2024-6080
A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.268822 https://vuldb.com/?id.268822 https://vuldb.com/?submit.353502 • CWE-428: Unquoted Search Path or Element •
CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 2CVE-2024-22773
https://notcve.org/view.php?id=CVE-2024-22773
Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass. Intelbras Roteador ACtion RF 1200 1.2.2 introduce la Contraseña en Cookie, lo que resulta en Omisión de Inicio de Sesión. • https://medium.com/%40wagneralves_87750/poc-cve-2024-22773-febf0d3a5433 https://www.intelbras.com/en/router-wi-fi-5-dual-band-ac-1200-action-rf-1200 https://www.intelbras.com/en/router-wi-fi-5-dual-band-ac-1200-with-giga-port-action-rg-1200 https://www.youtube.com/watch?v=-r0TWJq55DU&t=7s • CWE-922: Insecure Storage of Sensitive Information •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 1CVE-2023-6103 – Intelbras RX 1500 SSID WiFi.html cross site scripting
https://notcve.org/view.php?id=CVE-2023-6103
A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.245065 https://vuldb.com/?id.245065 https://www.youtube.com/watch?v=BFoGAuEGpvI • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •