PT-2019-15221 · Intelbras · Intelbras Iwr 1000N

Social Engineering Neo

Published

2019-10-15

Updated

2019-11-16

CVE-2019-17600

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Intelbras IWR 1000N version 1.6.4

Description The issue allows disclosure of the administrator login name and password due to mishandling of the "v1/system/user" API endpoint.

Recommendations For Intelbras IWR 1000N version 1.6.4, consider restricting access to the "v1/system/user" API endpoint until a patch is available.

Exploit

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2019-17600

Affected Products

Intelbras Iwr 1000N

PT-2019-15221 · Intelbras · Intelbras Iwr 1000N

CVE-2019-17600

Weakness Enumeration

Related Identifiers

Affected Products

References · 4