// For flags

CVE-2019-19142

Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.

Los dispositivos Intelbras WRN240 no requieren autenticaciĆ³n para reemplazar el firmware por medio de una peticiĆ³n POST en el URI incoming/Firmware.cfg.

Intelbras Wireless N 150Mbps WRN240 suffers from a configuration upload authentication bypass vulnerability.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-11-21 CVE Reserved
  • 2020-01-17 CVE Published
  • 2020-03-02 First Exploit
  • 2024-08-05 CVE Updated
  • 2024-10-03 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-306: Missing Authentication for Critical Function
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Intelbras
Search vendor "Intelbras"
 Wrn 240 Firmware
Search vendor "Intelbras" for product "Wrn 240 Firmware"
 2.0.0
Search vendor "Intelbras" for product "Wrn 240 Firmware" and version "2.0.0"
-
Affected
in Intelbras
Search vendor "Intelbras"
 Wrn 240
Search vendor "Intelbras" for product "Wrn 240"
--
Safe