Vendor
Intelbras
Products
4
CVEs
6
Across products
6
Status
Private
Products
4- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs
6| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-14942 | Cri | 0.64 | 9.8 | 0.01 | Sep 30, 2017 | Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie. | |
| CVE-2017-14219 | Med | 0.43 | 6.1 | 0.00 | Sep 7, 2017 | XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command. | |
| CVE-2026-3101 | Med | 0.41 | 6.3 | 0.01 | Feb 24, 2026 | A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-6765 | Med | 0.41 | 6.3 | 0.00 | Jun 27, 2025 | A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |
| CVE-2025-8515 | Low | 0.20 | 3.1 | 0.00 | Aug 4, 2025 | A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to information disclosure. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The exploit has been made available to the public and could be exploited. Upgrading the affected component is advised. | |
| CVE-2025-7061 | Low | 0.18 | 2.7 | 0.00 | Jul 4, 2025 | A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |