Vendor CVEs
Intelbras
All CVEs
62 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-8829 | 0.00 | — | 0.01 | May 5, 2020 | CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis. | |||
| CVE-2019-19517 | 0.00 | — | 0.01 | May 5, 2020 | Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process. | |||
| CVE-2019-20004 | 0.00 | — | 0.01 | Jan 5, 2020 | An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. | |||
| CVE-2019-19996 | 0.00 | — | 0.01 | Dec 26, 2019 | An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. | |||
| CVE-2019-19995 | 0.00 | — | 0.01 | Dec 26, 2019 | A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user. | |||
| CVE-2019-19007 | 0.00 | — | 0.02 | Dec 5, 2019 | Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600. | |||
| CVE-2019-17222 | 0.00 | — | 0.01 | Nov 7, 2019 | An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | |||
| CVE-2019-17600 | 0.00 | — | 0.01 | Oct 15, 2019 | Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled. | |||
| CVE-2019-11414 | 0.00 | — | 0.01 | Apr 21, 2019 | An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. | |||
| CVE-2018-17337 | 0.00 | — | 0.01 | Oct 10, 2018 | Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast. | |||
| CVE-2018-12456 | 0.00 | — | 0.01 | Oct 10, 2018 | Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access. | |||
| CVE-2018-12455 | 0.00 | — | 0.05 | Oct 10, 2018 | Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie. |
- CVE-2020-8829May 5, 2020risk 0.00cvss —epss 0.01
CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or other analysis.
- CVE-2019-19517May 5, 2020risk 0.00cvss —epss 0.01
Intelbras RF1200 1.1.3 devices allow CSRF to bypass the login.html form, as demonstrated by launching a scrapy process.
- CVE-2019-20004Jan 5, 2020risk 0.00cvss —epss 0.01
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
- CVE-2019-19996Dec 26, 2019risk 0.00cvss —epss 0.01
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
- CVE-2019-19995Dec 26, 2019risk 0.00cvss —epss 0.01
A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user.
- CVE-2019-19007Dec 5, 2019risk 0.00cvss —epss 0.02
Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600.
- CVE-2019-17222Nov 7, 2019risk 0.00cvss —epss 0.01
An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration).
- CVE-2019-17600Oct 15, 2019risk 0.00cvss —epss 0.01
Intelbras IWR 1000N 1.6.4 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled.
- CVE-2019-11414Apr 21, 2019risk 0.00cvss —epss 0.01
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
- CVE-2018-17337Oct 10, 2018risk 0.00cvss —epss 0.01
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast.
- CVE-2018-12456Oct 10, 2018risk 0.00cvss —epss 0.01
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access.
- CVE-2018-12455Oct 10, 2018risk 0.00cvss —epss 0.05
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie.
Page 2 of 2