Intelbras InControl har 2.21.57 Relatório de Operadores Page /v1/operador/ fields kura hakki ndiyam

Hakika vulnerability da aka rarraba a matsayin kura an gano a Intelbras InControl har 2.21.57. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /v1/operador/, a cikin sashi Relatório de Operadores Page. Wuro manipulation of the argument fields ga kura hakki ndiyam. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-94. Lalle, rauni an sanar da shi 09/28/2024. Ana samun bayanin tsaro don saukewa a youtu.be. Ana kiran wannan rauni da CVE-2024-9324. Ngam yiɗi ka a tuma ndiyam ka internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a youtu.be. 0-day ga, an ndiyam a wuro be $0-$5k. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a saɓata. If you want to get best quality of vulnerability data, you may have to visit VulDB.

5 Goyarwa · 109 Datenpunkte

FurɗeSúgá
09/28/2024 15:36		Gargadi 1/4
09/29/2024 13:08		Gargadi 2/4
10/07/2024 19:20		Gargadi 3/4
11/04/2024 20:16		Gargadi 4/4
11/05/2024 06:47
software_vendorIntelbrasIntelbrasIntelbrasIntelbrasIntelbras
software_nameInControlInControlInControlInControlInControl
software_version<=2.21.57<=2.21.57<=2.21.57<=2.21.57<=2.21.57
software_componentRelatório de Operadores PageRelatório de Operadores PageRelatório de Operadores PageRelatório de Operadores PageRelatório de Operadores Page
software_file/v1/operador//v1/operador//v1/operador//v1/operador//v1/operador/
software_argumentfieldsfieldsfieldsfieldsfields
vulnerability_cweCWE-94 (kura hakki ndiyam)CWE-94 (kura hakki ndiyam)CWE-94 (kura hakki ndiyam)CWE-94 (kura hakki ndiyam)CWE-94 (kura hakki ndiyam)
vulnerability_risk22222
cvss3_vuldb_avNNNNN
cvss3_vuldb_acLLLLL
cvss3_vuldb_prLLLLL
cvss3_vuldb_uiNNNNN
cvss3_vuldb_sUUUUU
cvss3_vuldb_cLLLLL
cvss3_vuldb_iLLLLL
cvss3_vuldb_aLLLLL
cvss3_vuldb_ePPPPP
cvss3_vuldb_rcCCCCC
advisory_urlhttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8A
exploit_availability11111
exploit_publicity11111
exploit_urlhttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8A
source_cveCVE-2024-9324CVE-2024-9324CVE-2024-9324CVE-2024-9324CVE-2024-9324
cna_responsibleVulDBVulDBVulDBVulDBVulDB
response_summaryThe vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
cvss2_vuldb_avNNNNN
cvss2_vuldb_acLLLLL
cvss2_vuldb_ciPPPPP
cvss2_vuldb_iiPPPPP
cvss2_vuldb_aiPPPPP
cvss2_vuldb_ePOCPOCPOCPOCPOC
cvss2_vuldb_rcCCCCC
cvss4_vuldb_avNNNNN
cvss4_vuldb_acLLLLL
cvss4_vuldb_prLLLLL
cvss4_vuldb_uiNNNNN
cvss4_vuldb_vcLLLLL
cvss4_vuldb_viLLLLL
cvss4_vuldb_vaLLLLL
cvss4_vuldb_ePPPPP
cvss2_vuldb_auSSSSS
cvss2_vuldb_rlNDNDNDOFOF
cvss3_vuldb_rlXXXOO
cvss4_vuldb_atNNNNN
cvss4_vuldb_scNNNNN
cvss4_vuldb_siNNNNN
cvss4_vuldb_saNNNNN
cvss2_vuldb_basescore6.56.56.56.56.5
cvss2_vuldb_tempscore5.95.95.95.15.1
cvss3_vuldb_basescore6.36.36.36.36.3
cvss3_vuldb_tempscore6.06.06.05.75.7
cvss3_meta_basescore6.36.37.17.17.1
cvss3_meta_tempscore6.06.17.06.96.9
cvss4_vuldb_bscore5.35.35.35.35.3
cvss4_vuldb_btscore2.12.12.12.12.1
advisory_date1727474400 (09/28/2024)1727474400 (09/28/2024)1727474400 (09/28/2024)1727474400 (09/28/2024)1727474400 (09/28/2024)
price_0day$0-$5k$0-$5k$0-$5k$0-$5k$0-$5k
source_videolinkhttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8Ahttps://youtu.be/UdZVktPUy8A
cve_nvd_summaryA vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
cvss3_cna_avNNNN
cvss3_cna_acLLLL
cvss3_cna_prLLLL
cvss3_cna_uiNNNN
cvss3_cna_sUUUU
cvss3_cna_cLLLL
cvss3_cna_iLLLL
cvss3_cna_aLLLL
cvss3_cna_basescore6.36.36.36.3
cvss2_cna_avNNNN
cvss2_cna_acLLLL
cvss2_cna_auSSSS
cvss2_cna_ciPPPP
cvss2_cna_iiPPPP
cvss2_cna_aiPPPP
cvss2_cna_basescore6.56.56.56.5
cve_nvd_summaryesSe ha detectado una vulnerabilidad en Intelbras InControl hasta la versión 2.21.57. Se ha calificado como crítica. Este problema afecta a algunas funciones desconocidas del archivo /v1/operador/ del componente Relatório de Operadores Page. La manipulación de los campos de argumentos conduce a la inyección de código. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al público y puede utilizarse. El proveedor fue informado de este problema el 19 de julio de 2024. El lanzamiento de una versión corregida 2.21.58 se anunció para fines de agosto de 2024, pero luego se pospuso hasta el 20 de septiembre de 2024.Se ha detectado una vulnerabilidad en Intelbras InControl hasta la versión 2.21.57. Se ha calificado como crítica. Este problema afecta a algunas funciones desconocidas del archivo /v1/operador/ del componente Relatório de Operadores Page. La manipulación de los campos de argumentos conduce a la inyección de código. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al público y puede utilizarse. El proveedor fue informado de este problema el 19 de julio de 2024. El lanzamiento de una versión corregida 2.21.58 se anunció para fines de agosto de 2024, pero luego se pospuso hasta el 20 de septiembre de 2024.Se ha detectado una vulnerabilidad en Intelbras InControl hasta la versión 2.21.57. Se ha calificado como crítica. Este problema afecta a algunas funciones desconocidas del archivo /v1/operador/ del componente Relatório de Operadores Page. La manipulación de los campos de argumentos conduce a la inyección de código. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al público y puede utilizarse. El proveedor fue informado de este problema el 19 de julio de 2024. El lanzamiento de una versión corregida 2.21.58 se anunció para fines de agosto de 2024, pero luego se pospuso hasta el 20 de septiembre de 2024.
cvss3_nvd_avNNN
cvss3_nvd_acLLL
cvss3_nvd_prLLL
cvss3_nvd_uiNNN
cvss3_nvd_sUUU
cvss3_nvd_cHHH
cvss3_nvd_iHHH
cvss3_nvd_aHHH
cvss3_nvd_basescore8.88.88.8
advisory_confirm_urlhttps://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdfhttps://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf
countermeasure_nameGargajiyaGargajiya
upgrade_version2.21.582.21.58
countermeasure_upgrade_urlhttps://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exehttps://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe
cvss4_cna_avN
cvss4_cna_acL
cvss4_cna_atN
cvss4_cna_prL
cvss4_cna_uiN
cvss4_cna_vcL
cvss4_cna_viL
cvss4_cna_vaL
cvss4_cna_scN
cvss4_cna_siN
cvss4_cna_saN
cvss4_cna_bscore5.3

GurɗoGumtiGada

Do you want to use VulDB in your project?

Use the official API to access entries easily!