Intelbras VIP S4320 G2 jusqu’à 20241222 Web Interface Sha1Account1 divulgation d'information

Une vulnérabilité classée comme critique a été trouvée dans Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 jusqu’à 20241222. L'élément affecté est une fonction inconnue du fichier ../mtd/Config/Sha1Account1 du composant Web Interface. La manipulation conduit à divulgation d'information. En utilisant CWE pour déclarer le problème, on obtient CWE-24. La faille a été publiée le 22/12/2024. Le bulletin est disponible en téléchargement sur netsecfish.notion.site. Cette vulnérabilité est référencée sous CVE-2024-12897. L'attaque peut être lancée à distance. Des informations techniques sont fournies. De plus, un exploit est disponible. L'exploit a été divulgué au public et peut être utilisé. Le prix actuel pour un exploit pourrait être d'environ USD $0-$5k pour le moment. Selon le projet MITRE ATT&CK, la technique d'attaque est T1006. Il est indiqué comme preuve de concept. L'exploit est disponible en téléchargement sur netsecfish.notion.site. En tant que 0-day, le prix souterrain estimé était aux alentours de $0-$5k. Il est recommandé de configurer le pare-feu de manière restrictive. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 Changements · 88 Points de données

ChampCréé
22/12/2024 09:53		Mise à jour 1/3
23/12/2024 01:54		Mise à jour 2/3
24/12/2024 17:56		Mise à jour 3/3
27/12/2024 09:56
software_vendorIntelbrasIntelbrasIntelbrasIntelbras
software_nameVIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2
software_version<=20241222<=20241222<=20241222<=20241222
software_componentWeb InterfaceWeb InterfaceWeb InterfaceWeb Interface
software_file../mtd/Config/Sha1Account1../mtd/Config/Sha1Account1../mtd/Config/Sha1Account1../mtd/Config/Sha1Account1
vulnerability_cweCWE-24CWE-24CWE-24CWE-24
vulnerability_risk2222
cvss3_vuldb_avNNNN
cvss3_vuldb_acLLLL
cvss3_vuldb_prLLLL
cvss3_vuldb_uiNNNN
cvss3_vuldb_sUUUU
cvss3_vuldb_cLLLL
cvss3_vuldb_iNNNN
cvss3_vuldb_aNNNN
cvss3_vuldb_ePPPP
cvss3_vuldb_rlWWWW
cvss3_vuldb_rcCCCC
advisory_urlhttps://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4
exploit_availability1111
exploit_publicity1111
exploit_urlhttps://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4
countermeasure_nameFirewallFirewallFirewallFirewall
source_cveCVE-2024-12897CVE-2024-12897CVE-2024-12897CVE-2024-12897
cna_responsibleVulDBVulDBVulDBVulDB
cvss2_vuldb_avNNNN
cvss2_vuldb_acLLLL
cvss2_vuldb_ciPPPP
cvss2_vuldb_iiNNNN
cvss2_vuldb_aiNNNN
cvss2_vuldb_ePOCPOCPOCPOC
cvss2_vuldb_rcCCCC
cvss2_vuldb_rlWWWW
cvss4_vuldb_avNNNN
cvss4_vuldb_acLLLL
cvss4_vuldb_prLLLL
cvss4_vuldb_uiNNNN
cvss4_vuldb_vcLLLL
cvss4_vuldb_viNNNN
cvss4_vuldb_vaNNNN
cvss4_vuldb_ePPPP
cvss2_vuldb_auSSSS
cvss4_vuldb_atNNNN
cvss4_vuldb_scNNNN
cvss4_vuldb_siNNNN
cvss4_vuldb_saNNNN
cvss2_vuldb_basescore4.04.04.04.0
cvss2_vuldb_tempscore3.43.43.43.4
cvss3_vuldb_basescore4.34.34.34.3
cvss3_vuldb_tempscore4.04.04.04.0
cvss3_meta_basescore4.34.34.34.3
cvss3_meta_tempscore4.04.14.14.1
cvss4_vuldb_bscore5.35.35.35.3
cvss4_vuldb_btscore2.12.12.12.1
advisory_date1734822000 (22/12/2024)1734822000 (22/12/2024)1734822000 (22/12/2024)1734822000 (22/12/2024)
price_0day$0-$5k$0-$5k$0-$5k$0-$5k
cve_nvd_summaryA vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_avNNN
cvss4_cna_acLLL
cvss4_cna_atNNN
cvss4_cna_prLLL
cvss4_cna_uiNNN
cvss4_cna_vcLLL
cvss4_cna_viNNN
cvss4_cna_vaNNN
cvss4_cna_scNNN
cvss4_cna_siNNN
cvss4_cna_saNNN
cvss4_cna_bscore5.35.35.3
cvss3_cna_avNNN
cvss3_cna_acLLL
cvss3_cna_prLLL
cvss3_cna_uiNNN
cvss3_cna_sUUU
cvss3_cna_cLLL
cvss3_cna_iNNN
cvss3_cna_aNNN
cvss3_cna_basescore4.34.34.3
cvss2_cna_avNNN
cvss2_cna_acLLL
cvss2_cna_auSSS
cvss2_cna_ciPPP
cvss2_cna_iiNNN
cvss2_cna_aiNNN
cvss2_cna_basescore444
cve_nvd_summaryesSe ha encontrado una vulnerabilidad en Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 y VIP S4320 G2 hasta 20241222. Se ha clasificado como crítica. Afecta a una parte desconocida del archivo ../mtd/Config/Sha1Account1 del componente Web Interface. La manipulación conduce a un path traversal: '../filedir'. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.Se ha encontrado una vulnerabilidad en Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 y VIP S4320 G2 hasta 20241222. Se ha clasificado como crítica. Afecta a una parte desconocida del archivo ../mtd/Config/Sha1Account1 del componente Web Interface. La manipulación conduce a un path traversal: '../filedir'. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.
cna_eol1

PrécédentAperçuSuivant

Interested in the pricing of exploits?

See the underground prices here!