VDB-289166 · CVE-2024-12896 · GCVE-100-289166

Intelbras VIP S4320 G2 Sehingga 20241222 Web Interface /web_caps/webCapsConfig Pendedahan maklumat

Isu keselamatan yang diklasifikasikan di bawah bermasalah telah dikesan pada Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 Sehingga 20241222. Fungsi yang terkesan ialah fungsi yang tidak dinyatakan dalam fail /web_caps/webCapsConfig milik komponen Web Interface. Pelarasan ini boleh membawa kepada Pendedahan maklumat. Penggunaan CWE untuk mengisytiharkan masalah akan membawa kepada CWE-200. Pendedahan kelemahan ini telah dilakukan pada 22/12/2024. Penasihat ini dikongsi untuk dimuat turun di netsecfish.notion.site. Celah ini direkodkan di bawah ID CVE-2024-12896. Serangan boleh dilakukan secara remote. Perincian teknikal ada disediakan. Selain itu, eksploit boleh didapati. Pendedahan eksploit telah dibuat kepada umum dan mungkin digunakan. Buat masa ini, harga bagi exploit berkemungkinan sekitar USD $0-$5k. Projek MITRE ATT&CK mentakrifkan teknik serangan sebagai T1592. Ia dinyatakan sebagai bukti konsep. Eksploit ini tersedia untuk dimuat turun di netsecfish.notion.site. Sebagai 0-day, anggaran harga di pasaran gelap adalah sekitar $0-$5k. Disarankan untuk melaksanakan firewall yang bersifat restriktif. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Perubahan · 89 Titik data

Medan	Dibuat 22/12/2024 09:53 AM	Dikemas kini 1/2 23/12/2024 12:29 AM	Dikemas kini 2/2 24/12/2024 05:56 PM
software_vendor	Intelbras	Intelbras	Intelbras
software_name	VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2	VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2	VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2
software_version	<=20241222	<=20241222	<=20241222
software_component	Web Interface	Web Interface	Web Interface
software_file	/web_caps/webCapsConfig	/web_caps/webCapsConfig	/web_caps/webCapsConfig
vulnerability_cwe	CWE-200 (Pendedahan maklumat)	CWE-200 (Pendedahan maklumat)	CWE-200 (Pendedahan maklumat)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	N	N	N
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rl	W	W	W
cvss3_vuldb_rc	C	C	C
advisory_url	https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73	https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73	https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73	https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73	https://netsecfish.notion.site/IntelBras-IP-Camera-Information-Disclosure-15e6b683e67c80a89f89daf59daa9ea8?pvs=73
countermeasure_name	Firewall	Firewall	Firewall
source_cve	CVE-2024-12896	CVE-2024-12896	CVE-2024-12896
cna_responsible	VulDB	VulDB	VulDB
response_summary	The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user".	The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user".	The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user".
cna_eol	1	1	1
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	N	N	N
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	W	W	W
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	N	N	N
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	5.3	5.3	5.3
cvss3_vuldb_tempscore	4.9	4.9	4.9
cvss3_meta_basescore	5.3	5.3	5.3
cvss3_meta_tempscore	4.9	5.1	5.1
cvss4_vuldb_bscore	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5
advisory_date	1734822000 (22/12/2024)	1734822000 (22/12/2024)	1734822000 (22/12/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user".	A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user".
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		N	N
cvss4_cna_va		N	N
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		6.9	6.9
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		N	N
cvss3_cna_a		N	N
cvss3_cna_basescore		5.3	5.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		P	P
cvss2_cna_ii		N	N
cvss2_cna_ai		N	N
cvss2_cna_basescore		5	5
cve_nvd_summaryes			Se ha detectado una vulnerabilidad en Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 y VIP S4320 G2 hasta 20241222 y se ha clasificado como problemática. Este problema afecta a algunas funciones desconocidas del archivo /web_caps/webCapsConfig del componente Web Interface. La manipulación conduce a la divulgación de información. El ataque puede ejecutarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. El proveedor evalúa que "la información divulgada en la URL no es sensible ni supone ningún riesgo para el usuario".

◂ Sebelum Gambaran Seterusnya ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!