CVE-2024-3160
Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user.
** EN DISPUTA ** Se ha encontrado una vulnerabilidad clasificada como problemática en Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 y HDCVI 1016 hasta 20240401. Esto afecta a una parte desconocida del archivo /cap.js del componente HTTP GET Request Handler. La manipulación conduce a la divulgación de información. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede utilizarse. Por el momento todavía se duda de la existencia real de esta vulnerabilidad. A esta vulnerabilidad se le asignó el identificador VDB-258933. NOTA: El proveedor explica que no clasifica la información mostrada como sensible y por lo tanto no existe ninguna vulnerabilidad que esté a punto de dañar al usuario.
Es wurde eine problematische Schwachstelle in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 bis 20240401 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /cap.js der Komponente HTTP GET Request Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-04-01 CVE Reserved
- 2024-04-02 CVE Published
- 2024-04-02 EPSS Updated
- 2024-08-26 CVE Updated
- 2024-08-26 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.258933 | Vdb Entry | |
| https://vuldb.com/?submit.305410 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://github.com/netsecfish/intelbras_cap_js | 2024-08-26 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Intelbras Search vendor "Intelbras" | Hdcvi 1008 Firmware Search vendor "Intelbras" for product "Hdcvi 1008 Firmware" | * | - |
Affected
| ||||||
| Intelbras Search vendor "Intelbras" | Hdcvi 1016 Firmware Search vendor "Intelbras" for product "Hdcvi 1016 Firmware" | * | - |
Affected
| ||||||
| Intelbras Search vendor "Intelbras" | Mhdx 1004 Firmware Search vendor "Intelbras" for product "Mhdx 1004 Firmware" | * | - |
Affected
| ||||||
| Intelbras Search vendor "Intelbras" | Mhdx 1008 Firmware Search vendor "Intelbras" for product "Mhdx 1008 Firmware" | * | - |
Affected
| ||||||
| Intelbras Search vendor "Intelbras" | Mhdx 1016 Firmware Search vendor "Intelbras" for product "Mhdx 1016 Firmware" | * | - |
Affected
| ||||||
| Intelbras Search vendor "Intelbras" | Mhdx 5016 Firmware Search vendor "Intelbras" for product "Mhdx 5016 Firmware" | * | - |
Affected
| ||||||