PT-2019-16036 · Intelbras · Intelbras Iwr 3000N
Publicado
2019-12-26
·
Atualizado
2020-01-15
·
CVE-2019-19995
CVSS v2.0
9.3
Alta
| Vetor | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Intelbras IWR 3000N version 1.8.7
Description
A CSRF issue was discovered, allowing for complete control of the router. The issue is demonstrated by the "/v1/system/user" API endpoint.
Recommendations
For Intelbras IWR 3000N version 1.8.7, as a temporary workaround, consider restricting access to the
/v1/system/user API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Correção
CSRF
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Intelbras Iwr 3000N