PT-2024-19558 · Intelbras · Intelbras Action Rf 1200
Published
2024-02-05
·
Updated
2024-04-29
·
CVE-2024-22773
CVSS v3.1
8.1
High
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Intelbras Action RF 1200 routers versions 1.2.2 and earlier
Intelbras Action RG 1200 routers versions 2.1.7 and earlier
Description
The issue exposes the
password in cookie, resulting in login bypass. This allows unauthorized access to the device.Recommendations
For Intelbras Action RF 1200 routers versions 1.2.2 and earlier, consider disabling the login functionality until a patch is available.
For Intelbras Action RG 1200 routers versions 2.1.7 and earlier, restrict access to the device to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Insecure Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Intelbras Action Rf 1200