PT-2020-13751 · Intelbras · Intelbras Tip 300+2
Published
2020-11-26
·
Updated
2025-06-04
·
CVE-2020-13886
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Intelbras TIP 200 version 60.61.75.15
Intelbras TIP 200 LITE version 60.61.75.15
Intelbras TIP 300 version 65.61.75.22
Description
The issue allows Directory Traversal via the "cgi-bin/cgiServer.exx" endpoint with the
page parameter set to "../". This could potentially allow an attacker to access sensitive files on the device.Recommendations
For Intelbras TIP 200 version 60.61.75.15, consider restricting access to the "cgi-bin/cgiServer.exx" endpoint until a patch is available.
For Intelbras TIP 200 LITE version 60.61.75.15, consider restricting access to the "cgi-bin/cgiServer.exx" endpoint until a patch is available.
For Intelbras TIP 300 version 65.61.75.22, consider restricting access to the "cgi-bin/cgiServer.exx" endpoint until a patch is available.
As a temporary workaround, avoid using the
page parameter in the affected endpoint until the issue is resolved.Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intelbras Tip 200
Intelbras Tip 200 Lite
Intelbras Tip 300