// For flags

CVE-2024-6080

Intelbras InControl incontrolWebcam Service unquoted search path

Severity Score

8.5
*CVSS v4

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.

Una vulnerabilidad fue encontrada en Intelbras InControl 2.21.56 y clasificada como crítica. Esta vulnerabilidad afecta a código desconocido. La manipulación conduce a una ruta de búsqueda sin comillas. Se requiere acceso local para abordar este ataque. El exploit ha sido divulgado al público y puede utilizarse. VDB-268822 es el identificador asignado a esta vulnerabilidad. NOTA: Se contactó primeramente con el proveedor sobre esta divulgación, pero no respondió de ninguna manera.

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks.

In Intelbras InControl 2.21.56 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente incontrolWebcam Service. Durch Manipulation mit unbekannten Daten kann eine unquoted search path-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs hat dabei lokal zu erfolgen. Der Exploit steht zur öffentlichen Verfügung.

*Credits: Stux
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Attack Requirements
None
Privileges Required
Low
User Interaction
None
System
Vulnerable | Subsequent
Confidentiality
High
None
Integrity
High
None
Availability
High
None
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Poc
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2024-06-17 CVE Reserved
  • 2024-06-17 CVE Published
  • 2024-08-06 CVE Updated
  • 2024-09-20 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-428: Unquoted Search Path or Element
CAPEC
References (2)
URL Tag Source
https://vuldb.com/?id.268822 Vdb Entry
https://vuldb.com/?submit.353502 Third Party Advisory
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Intelbras
Search vendor "Intelbras"
 InControl
Search vendor "Intelbras" for product "InControl"
 2.21.56
Search vendor "Intelbras" for product "InControl" and version "2.21.56"
en
Affected