VDB-278829 · CVE-2024-9325 · GCVE-100-278829

Intelbras InControl har 2.21.56 incontrol-service-watchdog.exe kura hakki ndiyam

Wuro vulnerability wey an yi classify sey kura an gano shi a cikin Intelbras InControl har 2.21.56. Gaskiya, $software_function na da matsala; idan ba a sani ba, to wata aiki ce da ba a sani ba, $software_library na cikin lissafi, C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe na cikin fayil, $software_component na cikin sashi. Ngam manipulation shi kura hakki ndiyam. CWE shidin ka a yi bayani matsala sai ya kai CWE-428. Gaskiya, laifi an fitar da shi 09/28/2024. Advisory ɗin ana rabawa don saukewa a backend.intelbras.com. Wannan rauni ana sayar da shi da suna CVE-2024-9325. Wuroo ka a yiɗi a yi ɗum e laawol gese. Tekinikal bayani ga. Ba exploit ɗin da ake da shi. A sa'i, exploit might be approx. USD $0-$5k ndiyam. Á wúro a wondi feere. Kama 0-day, an ndiyam a wuro be $0-$5k. Ngamdi ka a yiɗi a ɗaɓɓita kompona wey ka a hokkata. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

5 Goyarwa · 100 Datenpunkte

Furɗe	Súgá 09/28/2024 15:36	Gargadi 1/4 09/29/2024 13:08	Gargadi 2/4 10/07/2024 19:20	Gargadi 3/4 11/04/2024 20:17	Gargadi 4/4 11/05/2024 06:47
software_vendor	Intelbras	Intelbras	Intelbras	Intelbras	Intelbras
software_name	InControl	InControl	InControl	InControl	InControl
software_version	<=2.21.56	<=2.21.56	<=2.21.56	<=2.21.56	<=2.21.56
software_file	C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe	C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe	C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe	C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe	C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe
vulnerability_cwe	CWE-428 (kura hakki ndiyam)	CWE-428 (kura hakki ndiyam)	CWE-428 (kura hakki ndiyam)	CWE-428 (kura hakki ndiyam)	CWE-428 (kura hakki ndiyam)
vulnerability_risk	2	2	2	2	2
cvss3_vuldb_av	L	L	L	L	L
cvss3_vuldb_ac	L	L	L	L	L
cvss3_vuldb_pr	L	L	L	L	L
cvss3_vuldb_ui	N	N	N	N	N
cvss3_vuldb_s	U	U	U	U	U
cvss3_vuldb_c	H	H	H	H	H
cvss3_vuldb_i	H	H	H	H	H
cvss3_vuldb_a	H	H	H	H	H
cvss3_vuldb_rc	C	C	C	C	C
source_cve	CVE-2024-9325	CVE-2024-9325	CVE-2024-9325	CVE-2024-9325	CVE-2024-9325
cna_responsible	VulDB	VulDB	VulDB	VulDB	VulDB
response_summary	The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.	The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.	The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.	The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.	The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
cvss2_vuldb_av	L	L	L	L	L
cvss2_vuldb_ac	L	L	L	L	L
cvss2_vuldb_ci	C	C	C	C	C
cvss2_vuldb_ii	C	C	C	C	C
cvss2_vuldb_ai	C	C	C	C	C
cvss2_vuldb_rc	C	C	C	C	C
cvss4_vuldb_av	L	L	L	L	L
cvss4_vuldb_ac	L	L	L	L	L
cvss4_vuldb_pr	L	L	L	L	L
cvss4_vuldb_ui	N	N	N	N	N
cvss4_vuldb_vc	H	H	H	H	H
cvss4_vuldb_vi	H	H	H	H	H
cvss4_vuldb_va	H	H	H	H	H
cvss2_vuldb_au	S	S	S	S	S
cvss2_vuldb_e	ND	ND	ND	ND	ND
cvss2_vuldb_rl	ND	ND	ND	OF	OF
cvss3_vuldb_e	X	X	X	X	X
cvss3_vuldb_rl	X	X	X	O	O
cvss4_vuldb_at	N	N	N	N	N
cvss4_vuldb_sc	N	N	N	N	N
cvss4_vuldb_si	N	N	N	N	N
cvss4_vuldb_sa	N	N	N	N	N
cvss4_vuldb_e	X	X	X	X	X
cvss2_vuldb_basescore	6.8	6.8	6.8	6.8	6.8
cvss2_vuldb_tempscore	6.8	6.8	6.8	5.9	5.9
cvss3_vuldb_basescore	7.8	7.8	7.8	7.8	7.8
cvss3_vuldb_tempscore	7.8	7.8	7.8	7.5	7.5
cvss3_meta_basescore	7.8	7.8	7.8	7.8	7.8
cvss3_meta_tempscore	7.8	7.8	7.8	7.7	7.7
cvss4_vuldb_bscore	8.5	8.5	8.5	8.5	8.5
cvss4_vuldb_btscore	8.5	8.5	8.5	8.5	8.5
advisory_date	1727474400 (09/28/2024)	1727474400 (09/28/2024)	1727474400 (09/28/2024)	1727474400 (09/28/2024)	1727474400 (09/28/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.	A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.	A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.	A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
cvss3_cna_av		L	L	L	L
cvss3_cna_ac		L	L	L	L
cvss3_cna_pr		L	L	L	L
cvss3_cna_ui		N	N	N	N
cvss3_cna_s		U	U	U	U
cvss3_cna_c		H	H	H	H
cvss3_cna_i		H	H	H	H
cvss3_cna_a		H	H	H	H
cvss3_cna_basescore		7.8	7.8	7.8	7.8
cvss2_cna_av		L	L	L	L
cvss2_cna_ac		L	L	L	L
cvss2_cna_au		S	S	S	S
cvss2_cna_ci		C	C	C	C
cvss2_cna_ii		C	C	C	C
cvss2_cna_ai		C	C	C	C
cvss2_cna_basescore		6.8	6.8	6.8	6.8
cve_nvd_summaryes			Se ha detectado una vulnerabilidad clasificada como crítica en Intelbras InControl hasta la versión 2.21.56. Afecta a una parte desconocida del archivo C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. La manipulación conduce a una ruta de búsqueda sin comillas. Es posible lanzar el ataque en el host local. El proveedor fue informado de este problema el 5 de agosto de 2024. El lanzamiento de una versión corregida 2.21.58 se anunció para fines de agosto de 2024, pero luego se pospuso hasta el 20 de septiembre de 2024.	Se ha detectado una vulnerabilidad clasificada como crítica en Intelbras InControl hasta la versión 2.21.56. Afecta a una parte desconocida del archivo C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. La manipulación conduce a una ruta de búsqueda sin comillas. Es posible lanzar el ataque en el host local. El proveedor fue informado de este problema el 5 de agosto de 2024. El lanzamiento de una versión corregida 2.21.58 se anunció para fines de agosto de 2024, pero luego se pospuso hasta el 20 de septiembre de 2024.	Se ha detectado una vulnerabilidad clasificada como crítica en Intelbras InControl hasta la versión 2.21.56. Afecta a una parte desconocida del archivo C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. La manipulación conduce a una ruta de búsqueda sin comillas. Es posible lanzar el ataque en el host local. El proveedor fue informado de este problema el 5 de agosto de 2024. El lanzamiento de una versión corregida 2.21.58 se anunció para fines de agosto de 2024, pero luego se pospuso hasta el 20 de septiembre de 2024.
cvss3_nvd_av			L	L	L
cvss3_nvd_ac			L	L	L
cvss3_nvd_pr			L	L	L
cvss3_nvd_ui			N	N	N
cvss3_nvd_s			U	U	U
cvss3_nvd_c			H	H	H
cvss3_nvd_i			H	H	H
cvss3_nvd_a			H	H	H
cvss3_nvd_basescore			7.8	7.8	7.8
advisory_url				https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf	https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf
countermeasure_name				Gargajiya	Gargajiya
upgrade_version				2.21.58	2.21.58
countermeasure_upgrade_url				https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe	https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe
cvss4_cna_av					L
cvss4_cna_ac					L
cvss4_cna_at					N
cvss4_cna_pr					L
cvss4_cna_ui					N
cvss4_cna_vc					H
cvss4_cna_vi					H
cvss4_cna_va					H
cvss4_cna_sc					N
cvss4_cna_si					N
cvss4_cna_sa					N
cvss4_cna_bscore					8.5

◂ Gurɗo Gumti Gada ▸

Interested in the pricing of exploits?

See the underground prices here!