Social Engineering Neo

**Name of the Vulnerable Software and Affected Versions** Intelbras IWR 1000N version 1.6.4 **Description** The issue allows disclosure of the administrator login name and password due to mishandling of the "v1/system/user" API endpoint. **Recommendations** For Intelbras IWR 1000N version 1.6.4, consider restricting access to the "v1/system/user" API endpoint until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Intelbras IWR 3000N version 1.5.0 **Description** An issue allows remote attackers to cause a denial of service, resulting in a device reboot. This can be achieved by sending a malformed login request, specifically by misparsing the `"` string to the `/api/v1/system/login` API endpoint. **Recommendations** For Intelbras IWR 3000N version 1.5.0, as a temporary workaround, consider restricting access to the `/api/v1/system/login` API endpoint until a patch is available. Additionally, avoid using malformed JSON strings in the login request to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intelbras IWR 3000N version 1.5.0 **Description** A CSRF issue allows for complete control of the router. The issue can be demonstrated by accessing the "v1/system/user" API endpoint. **Recommendations** For Intelbras IWR 3000N version 1.5.0, as a temporary workaround, consider restricting access to the "v1/system/user" API endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.