Filtered by vendor Intelbras Subscriptions
Total 46 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-32403 1 Intelbras 2 Rf 301k, Rf 301k Firmware 2024-11-21 8.8 High
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.
CVE-2021-32402 1 Intelbras 2 Rf 301k, Rf 301k Firmware 2024-11-21 8.8 High
Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.
CVE-2020-8829 1 Intelbras 2 Cip 92200, Cip 92200 Firmware 2024-11-21 8.8 High
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis.
CVE-2020-24285 1 Intelbras 4 Tip200, Tip200 Firmware, Tip200lite and 1 more 2024-11-21 7.5 High
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
CVE-2020-13886 1 Intelbras 6 Tip200, Tip200 Firmware, Tip200lite and 3 more 2024-11-21 5.3 Medium
Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.
CVE-2020-12262 1 Intelbras 6 Tip200, Tip200 Firmware, Tip200lite and 3 more 2024-11-21 5.4 Medium
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.
CVE-2019-20004 1 Intelbras 2 Iwr 3000n, Iwr 3000n Firmware 2024-11-21 8.8 High
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
CVE-2019-19996 1 Intelbras 2 Iwr 3000n, Iwr 3000n Firmware 2024-11-21 7.5 High
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
CVE-2019-19995 1 Intelbras 2 Iwr 3000n, Iwr 3000n Firmware 2024-11-21 8.8 High
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.
CVE-2019-19517 1 Intelbras 2 Action Rf 1200, Action Rf 1200 Firmware 2024-11-21 8.8 High
Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process.
CVE-2019-19516 1 Intelbras 2 Wrn 150, Wrn 150 Firmware 2024-11-21 6.5 Medium
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
CVE-2019-19142 1 Intelbras 2 Wrn 240, Wrn 240 Firmware 2024-11-21 7.5 High
Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.
CVE-2019-19007 1 Intelbras 2 Iwr 3000n, Iwr 3000n Firmware 2024-11-21 7.2 High
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.
CVE-2019-17600 1 Intelbras 2 Iwr 1000n, Iwr 1000n Firmware 2024-11-21 9.8 Critical
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
CVE-2019-17222 1 Intelbras 2 Wrn 150, Wrn 150 Firmware 2024-11-21 6.1 Medium
An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration).
CVE-2019-11416 1 Intelbras 2 Iwr 3000n, Iwr 3000n Firmware 2024-11-21 N/A
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.
CVE-2019-11415 1 Intelbras 2 Iwr 3000n, Iwr 3000n Firmware 2024-11-21 N/A
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
CVE-2019-11414 1 Intelbras 2 Iwr 3000n, Iwr 3000n Firmware 2024-11-21 N/A
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
CVE-2018-9010 1 Intelbras 4 Tip200, Tip200 Firmware, Tip200lite and 1 more 2024-11-21 7.2 High
Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password.
CVE-2018-17337 1 Intelbras 2 Nplug, Nplug Firmware 2024-11-21 N/A
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast.