CVE-2018-9010
Intelbras Telefone IP TIP200 LITE - Local File Disclosure
Severity Score
7.2
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password.
Los dispositivos Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 permiten que administradores remotos autenticados lean archivos arbitrarios mediante el parámetro de página /cgi-bin/cgiServer.exx, también conocido como salto de directorio absoluto. En algunos casos, la autenticación se puede llevar a cabo mediante la cuenta de administrador con su contraseña de administrador por defecto.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-03-25 CVE Reserved
- 2018-03-25 CVE Published
- 2024-05-20 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/44317 | 2024-08-05 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Intelbras Search vendor "Intelbras" | Tip200 Firmware Search vendor "Intelbras" for product "Tip200 Firmware" | 60.0.75.29 Search vendor "Intelbras" for product "Tip200 Firmware" and version "60.0.75.29" | - |
Affected
| in | Intelbras Search vendor "Intelbras" | Tip200 Search vendor "Intelbras" for product "Tip200" | - | - |
Safe
|
| Intelbras Search vendor "Intelbras" | Tip200lite Firmware Search vendor "Intelbras" for product "Tip200lite Firmware" | 60.0.75.29 Search vendor "Intelbras" for product "Tip200lite Firmware" and version "60.0.75.29" | - |
Affected
| in | Intelbras Search vendor "Intelbras" | Tip200lite Search vendor "Intelbras" for product "Tip200lite" | - | - |
Safe
|