VYPR

Vendor CVEs

Intelbras

All CVEs

62 total · sorted by risk
  • CVE-2018-11094CriMay 15, 2018
    risk 0.70cvss 9.8epss 0.36

    An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the…

  • CVE-2017-14942CriSep 30, 2017
    risk 0.69cvss 9.8epss 0.61

    Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently bypass authentication, via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg containing an admin:language=pt cookie.

  • CVE-2018-10369CriAug 15, 2018
    risk 0.64cvss 9.8epss 0.02

    A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.

  • CVE-2026-2564HigFeb 16, 2026
    risk 0.53cvss 8.1epss 0.00

    A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this…

  • CVE-2025-67070HigJan 9, 2026
    risk 0.53cvss 8.2epss 0.00

    A vulnerability exists in Intelbras CFTV IP NVD 9032 R Ftd V2.800.00IB00C.0.T, which allows an unauthenticated attacker to bypass the multi-factor authentication (MFA) mechanism during the password recovery process. This results in the ability to change the admin password and…

  • CVE-2018-9010HigMar 25, 2018
    risk 0.51cvss 7.2epss 0.10

    Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default…

  • CVE-2020-36963HigJan 28, 2026
    risk 0.49cvss 7.5epss 0.00

    Intelbras Router RF 301K firmware version 1.1.2 contains an authentication bypass vulnerability that allows unauthenticated attackers to download router configuration files. Attackers can send a specific HTTP GET request to /cgi-bin/DownloadCfg/RouterCfm.cfg to retrieve…

  • CVE-2017-14219MedSep 7, 2017
    risk 0.43cvss 6.1epss 0.01

    XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted…

  • CVE-2026-3101MedFeb 24, 2026
    risk 0.41cvss 6.3epss 0.03

    A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in os command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor…

  • CVE-2025-6765MedJun 27, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability, which was classified as critical, has been found in Intelbras InControl 2.21.60.9. This issue affects some unknown processing of the file /v1/operador/ of the component HTTP PUT Request Handler. The manipulation leads to permission issues. The attack may be…

  • CVE-2026-36438MedMay 18, 2026
    risk 0.34cvss 5.3epss 0.00

    An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd

  • CVE-2025-13221MedNov 15, 2025
    risk 0.34cvss 5.3epss 0.00

    A weakness has been identified in Intelbras UnniTI 24.07.11. The affected element is an unknown function of the file /xml/sistema/usuarios.xml. Executing manipulation of the argument Usuario/Senha can lead to unprotected storage of credentials. The attack can be executed…

  • CVE-2024-12896MedDec 22, 2024
    risk 0.34cvss 5.3epss 0.00

    A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The…

  • CVE-2024-3160MedApr 2, 2024
    risk 0.34cvss 5.3epss 0.01

    ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The…

  • CVE-2024-12897MedDec 23, 2024
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path…

  • CVE-2025-8515LowAug 4, 2025
    risk 0.20cvss 3.1epss 0.00

    A weakness has been identified in Intelbras InControl 2.21.60.9. This vulnerability affects unknown code of the file /v1/operador/ of the component JSON Endpoint. Executing manipulation can lead to information disclosure. It is possible to launch the attack remotely. A high…

  • CVE-2026-12211LowJun 15, 2026
    risk 0.18cvss 2.7epss 0.00

    A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The…

  • CVE-2025-7061LowJul 4, 2025
    risk 0.18cvss 2.7epss 0.00

    A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed…

  • CVE-2025-4996LowMay 20, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated…

  • CVE-2025-3157LowApr 3, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in Intelbras WRN 150 1.0.15_pt_ITB01. It has been rated as problematic. This issue affects some unknown processing of the component Wireless Menu. The manipulation of the argument SSID leads to cross site scripting. The attack may be initiated remotely.…

  • CVE-2023-36144Jun 30, 2023
    risk 0.07cvss epss 0.38

    An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.

  • CVE-2021-3017Apr 14, 2021
    risk 0.06cvss epss 0.63

    The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.

  • CVE-2019-11415Apr 21, 2019
    risk 0.05cvss epss 0.14

    An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.

  • CVE-2019-19142Jan 17, 2020
    risk 0.04cvss epss 0.08

    Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request to the incoming/Firmware.cfg URI.

  • CVE-2021-32403May 17, 2021
    risk 0.03cvss epss 0.02

    Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of security mechanisms for token protection and unsafe inputs and modules.

  • CVE-2019-19516Dec 2, 2019
    risk 0.03cvss epss 0.10

    Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.

  • CVE-2019-11416Apr 21, 2019
    risk 0.03cvss epss 0.04

    A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user.

  • CVE-2020-24285Apr 12, 2021
    risk 0.01cvss epss 0.04

    INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.

  • CVE-2019-25472Mar 11, 2026
    risk 0.00cvss epss 0.00

    IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing…

  • CVE-2025-13187Nov 14, 2025
    risk 0.00cvss epss 0.00

    A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched…

  • CVE-2025-55976Sep 10, 2025
    risk 0.00cvss epss 0.03

    Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.

  • CVE-2025-26065Aug 4, 2025
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network.

  • CVE-2025-26063Jul 31, 2025
    risk 0.00cvss epss 0.01

    An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network.

  • CVE-2025-26062Jul 31, 2025
    risk 0.00cvss epss 0.01

    An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings.

  • CVE-2025-26064Jul 31, 2025
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connnected device.

  • CVE-2025-50404Jul 1, 2025
    risk 0.00cvss epss 0.06

    Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fields in the array.

  • CVE-2025-50405Jul 1, 2025
    risk 0.00cvss epss 0.00

    Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function.

  • CVE-2025-4286May 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of…

  • CVE-2025-0784Jan 28, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive…

  • CVE-2024-9325Sep 29, 2024
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search…

  • CVE-2024-9324Sep 29, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code…

  • CVE-2024-6080Jun 17, 2024
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has…

  • CVE-2024-22773Feb 6, 2024
    risk 0.00cvss epss 0.01

    Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.

  • CVE-2023-6103Nov 13, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Intelbras RX 1500 1.1.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /WiFi.html of the component SSID Handler. The manipulation leads to cross site scripting. The attack can be launched…

  • CVE-2022-40005Dec 25, 2022
    risk 0.00cvss epss 0.35

    Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.

  • CVE-2022-43308Nov 18, 2022
    risk 0.00cvss epss 0.00

    INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.

  • CVE-2022-24654Aug 15, 2022
    risk 0.00cvss epss 0.01

    Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.

  • CVE-2021-32402May 17, 2021
    risk 0.00cvss epss 0.01

    Intelbras Router RF 301K Firmware 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF) due to lack of validation and insecure configurations in inputs and modules.

  • CVE-2020-12262Nov 26, 2020
    risk 0.00cvss epss 0.02

    Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.

  • CVE-2020-13886Nov 26, 2020
    risk 0.00cvss epss 0.04

    Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.

Page 1 of 2