Eldruin

**Name of the Vulnerable Software and Affected Versions** Intelbras TIP 635G version 1.12.3.5 **Description** A flaw exists in the Ping Handler component of the software that allows for os command injection. This can be triggered remotely. The exploit for this issue has been publicly released. The vendor was notified but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intelbras UnniTI version 24.07.11 **Description** A weakness exists in Intelbras UnniTI 24.07.11 related to the storage of credentials. Manipulation of the `Senha` argument within the `Usuario` element of the `/xml/sistema/usuarios.xml` file can lead to unprotected storage of credentials. The issue can be exploited remotely, and an exploit has been publicly released. The affected element is an unknown function within the specified file. **Recommendations** Apply mitigations to prevent manipulation of the `Senha` argument within the `Usuario` element of the `/xml/sistema/usuarios.xml` file.

**Name of the Vulnerable Software and Affected Versions** Intelbras ICIP version 2.0.20 **Description** A security issue exists in Intelbras ICIP 2.0.20. Manipulation of the `NomeUsuario`/`SenhaAcess` arguments within the file `/xml/sistema/acessodeusuario.xml` results in credentials being stored insecurely. This attack can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intelbras InControl versions up to 2.21.59 **Description** A vulnerability was found in the component Dispositivos Edição Page, where the manipulation of the argument `Senha de Comunicação` leads to unprotected storage of credentials. This issue can be exploited remotely. **Recommendations** For versions up to 2.21.59, wait for a later release that should fix this issue. As a temporary workaround, consider restricting access to the Dispositivos Edição Page component to minimize the risk of exploitation. Avoid using the `Senha de Comunicação` argument in affected areas until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Intelbras InControl versions up to 2.21.58 **Description** A vulnerability has been found in Intelbras InControl, affecting unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high, and the exploitation appears to be difficult. **Recommendations** For Intelbras InControl versions up to 2.21.58, upgrade to version 2.21.59 to address this issue. As a temporary workaround, consider restricting access to the `/v1/usuario/` endpoint of the Registered User Handler component until the upgrade is applied.