PT-2025-27949 · Intelbras · Intelbras Incontrol

Lorenzomoulin

Publicado

2025-07-04

Atualizado

2025-07-04

CVE-2025-7061

CVSS v2.0

3.3

Baixa

Vetor

AV:N/AC:L/Au:M/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Intelbras InControl versions up to 2.21.60.9

Description: A vulnerability was found in Intelbras InControl, affecting unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely.

Recommendations: For versions up to 2.21.60.9, as a temporary workaround, consider restricting access to the /v1/operador/ endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Special Elements Injection

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-1236

Identificadores relacionados

CVE-2025-7061

Produtos afetados

Intelbras Incontrol

PT-2025-27949 · Intelbras · Intelbras Incontrol

CVE-2025-7061

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 8