VDB-289167 · CVE-2024-12897 · GCVE-100-289167

Intelbras VIP S4320 G2 Dok 20241222 Web Interface Sha1Account1 Obelodanjivanje informacija

Otkrivena je ranjivost klasifikovana kao Kritične u Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 Dok 20241222. Pogođeno je nepoznata funkcija u fajlu ../mtd/Config/Sha1Account1 u komponenti Web Interface. Manipulacija dovodi do Obelodanjivanje informacija. Korišćenjem CWE za opis problema dolazi se do CWE-24. Slabost je objavljena 12/22/2024. Izveštaj je dostupan za preuzimanje na netsecfish.notion.site. Ova ranjivost je poznata pod oznakom CVE-2024-12897. Napad je moguće izvršiti sa udaljene lokacije. Napad zahteva pristup lokalnoj mreži. Tehnički podaci su dostupni. Додатно, постоји доступан експлоит. Eksploatacija je javno objavljena i može biti iskorišćena. Trenutna cena za eksploataciju može biti približno USD $0-$5k u ovom trenutku. Prema MITRE ATT&CK projektu, tehnika napada je T1006. Definisano je kao dokaz-of-koncept. Ekspoit je objavljen za preuzimanje na netsecfish.notion.site. Kao 0-day, očekivana cena na crnom tržištu bila je oko $0-$5k. Preporučuje se korišćenje restriktivnog vatrozida. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

4 Promene · 88 Tačke podataka

Polje	Kreirali 12/22/2024 09:53	Ažurira 1/3 12/23/2024 01:54	Ažurira 2/3 12/24/2024 17:56	Ažurira 3/3 12/27/2024 09:56
software_vendor	Intelbras	Intelbras	Intelbras	Intelbras
software_name	VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2	VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2	VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2	VIP S3020 G2/VIP S4020 G2/VIP S4020 G3/VIP S4320 G2
software_version	<=20241222	<=20241222	<=20241222	<=20241222
software_component	Web Interface	Web Interface	Web Interface	Web Interface
software_file	../mtd/Config/Sha1Account1	../mtd/Config/Sha1Account1	../mtd/Config/Sha1Account1	../mtd/Config/Sha1Account1
vulnerability_cwe	CWE-24	CWE-24	CWE-24	CWE-24
vulnerability_risk	2	2	2	2
cvss3_vuldb_av	N	N	N	N
cvss3_vuldb_ac	L	L	L	L
cvss3_vuldb_pr	L	L	L	L
cvss3_vuldb_ui	N	N	N	N
cvss3_vuldb_s	U	U	U	U
cvss3_vuldb_c	L	L	L	L
cvss3_vuldb_i	N	N	N	N
cvss3_vuldb_a	N	N	N	N
cvss3_vuldb_e	P	P	P	P
cvss3_vuldb_rl	W	W	W	W
cvss3_vuldb_rc	C	C	C	C
advisory_url	https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4	https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4	https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4	https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4
exploit_availability	1	1	1	1
exploit_publicity	1	1	1	1
exploit_url	https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4	https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4	https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4	https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4
countermeasure_name	Firewall	Firewall	Firewall	Firewall
source_cve	CVE-2024-12897	CVE-2024-12897	CVE-2024-12897	CVE-2024-12897
cna_responsible	VulDB	VulDB	VulDB	VulDB
cvss2_vuldb_av	N	N	N	N
cvss2_vuldb_ac	L	L	L	L
cvss2_vuldb_ci	P	P	P	P
cvss2_vuldb_ii	N	N	N	N
cvss2_vuldb_ai	N	N	N	N
cvss2_vuldb_e	POC	POC	POC	POC
cvss2_vuldb_rc	C	C	C	C
cvss2_vuldb_rl	W	W	W	W
cvss4_vuldb_av	N	N	N	N
cvss4_vuldb_ac	L	L	L	L
cvss4_vuldb_pr	L	L	L	L
cvss4_vuldb_ui	N	N	N	N
cvss4_vuldb_vc	L	L	L	L
cvss4_vuldb_vi	N	N	N	N
cvss4_vuldb_va	N	N	N	N
cvss4_vuldb_e	P	P	P	P
cvss2_vuldb_au	S	S	S	S
cvss4_vuldb_at	N	N	N	N
cvss4_vuldb_sc	N	N	N	N
cvss4_vuldb_si	N	N	N	N
cvss4_vuldb_sa	N	N	N	N
cvss2_vuldb_basescore	4.0	4.0	4.0	4.0
cvss2_vuldb_tempscore	3.4	3.4	3.4	3.4
cvss3_vuldb_basescore	4.3	4.3	4.3	4.3
cvss3_vuldb_tempscore	4.0	4.0	4.0	4.0
cvss3_meta_basescore	4.3	4.3	4.3	4.3
cvss3_meta_tempscore	4.0	4.1	4.1	4.1
cvss4_vuldb_bscore	5.3	5.3	5.3	5.3
cvss4_vuldb_btscore	2.1	2.1	2.1	2.1
advisory_date	1734822000 (12/22/2024)	1734822000 (12/22/2024)	1734822000 (12/22/2024)	1734822000 (12/22/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.	A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N	N
cvss4_cna_ac		L	L	L
cvss4_cna_at		N	N	N
cvss4_cna_pr		L	L	L
cvss4_cna_ui		N	N	N
cvss4_cna_vc		L	L	L
cvss4_cna_vi		N	N	N
cvss4_cna_va		N	N	N
cvss4_cna_sc		N	N	N
cvss4_cna_si		N	N	N
cvss4_cna_sa		N	N	N
cvss4_cna_bscore		5.3	5.3	5.3
cvss3_cna_av		N	N	N
cvss3_cna_ac		L	L	L
cvss3_cna_pr		L	L	L
cvss3_cna_ui		N	N	N
cvss3_cna_s		U	U	U
cvss3_cna_c		L	L	L
cvss3_cna_i		N	N	N
cvss3_cna_a		N	N	N
cvss3_cna_basescore		4.3	4.3	4.3
cvss2_cna_av		N	N	N
cvss2_cna_ac		L	L	L
cvss2_cna_au		S	S	S
cvss2_cna_ci		P	P	P
cvss2_cna_ii		N	N	N
cvss2_cna_ai		N	N	N
cvss2_cna_basescore		4	4	4
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad en Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 y VIP S4320 G2 hasta 20241222. Se ha clasificado como crítica. Afecta a una parte desconocida del archivo ../mtd/Config/Sha1Account1 del componente Web Interface. La manipulación conduce a un path traversal: '../filedir'. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.	Se ha encontrado una vulnerabilidad en Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 y VIP S4320 G2 hasta 20241222. Se ha clasificado como crítica. Afecta a una parte desconocida del archivo ../mtd/Config/Sha1Account1 del componente Web Interface. La manipulación conduce a un path traversal: '../filedir'. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.
cna_eol				1

◂ Prethodne Pregled Sledeжi ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!