PT-2024-17784 · Intelbras · Intelbras Vip S4020 G3+3

Netsecfish · Published 2024-12-22 · Updated 2024-12-27 · CVE-2024-12897

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Intelbras VIP S3020 G2 versions up to 20241222
Intelbras VIP S4020 G2 versions up to 20241222
Intelbras VIP S4020 G3 versions up to 20241222
Intelbras VIP S4320 G2 versions up to 20241222

Description

A critical vulnerability was found in the Web Interface component of Intelbras VIP cameras, affecting an unknown part of the file ../mtd/Config/Sha1Account1. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For Intelbras VIP S3020 G2 versions up to 20241222, consider disabling remote access to the Web Interface until a patch is available.
For Intelbras VIP S4020 G2 versions up to 20241222, restrict access to the ../mtd/Config/Sha1Account1 file to minimize the risk of exploitation.
For Intelbras VIP S4020 G3 versions up to 20241222, avoid using the Web Interface until the issue is resolved.
For Intelbras VIP S4320 G2 versions up to 20241222, consider temporarily disabling the Web Interface component until a patch is available.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration: Relative Path Traversal

Related Identifiers: CVE-2024-12897

Affected Products

Intelbras Vip S3020 G2
Intelbras Vip S4020 G2
Intelbras Vip S4020 G3
Intelbras Vip S4320 G2