PT-2018-11186 · Intelbras · Intelbras Nplug

Patrick Costa

Published

2018-10-10

Updated

2018-11-28

CVE-2018-12455

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Intelbras NPLUG version 1.0.0.14

Description The issue allows an attacker to authenticate in the web interface by using "admin:" as the name of a cookie. This means that an attacker can potentially gain access to the device without needing a valid password.

Recommendations For Intelbras NPLUG version 1.0.0.14, consider disabling the web interface until a patch is available to prevent potential exploitation. Restrict access to the device to minimize the risk of unauthorized access.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2018-12455

Affected Products

Intelbras Nplug

PT-2018-11186 · Intelbras · Intelbras Nplug

CVE-2018-12455

Weakness Enumeration

Related Identifiers

Affected Products

References · 3