PT-2020-13082 · Intelbras · Intelbras Tip 300+2
Lucas Souza · Published 2020-11-26 · Updated 2025-06-04 · CVE-2020-12262
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Intelbras TIP200 version 60.61.75.15
Intelbras TIP200LITE version 60.61.75.15
Intelbras TIP300 version 65.61.75.15
Description
The issue allows XSS attacks through the /cgi-bin/cgiServer.exx API endpoint via the page parameter. This could potentially lead to malicious script execution.
Recommendations
For Intelbras TIP200 version 60.61.75.15, restrict access to the /cgi-bin/cgiServer.exx API endpoint to minimize the risk of exploitation.
For Intelbras TIP200LITE version 60.61.75.15, avoid using the page parameter in the affected API endpoint until the issue is resolved.
For Intelbras TIP300 version 65.61.75.15, consider disabling the /cgi-bin/cgiServer.exx API endpoint as a temporary workaround until a patch is available.
Affected Products
Intelbras Tip 200
Intelbras Tip 200 Lite
Intelbras Tip 300