Authentication Bypass in Intelbras WRN 150 Devices
CVE-2017-14942

9.8CRITICAL

Key Information:

Vendor: Intelbras
Status: Wrn 150 Firmware
Vendor: CVE Published:; 30 September 2017

What is CVE-2017-14942?

The Intelbras WRN 150 devices are susceptible to a vulnerability that allows remote attackers to access the device’s configuration files. By sending a direct request to the URL cgi-bin/DownloadCfg/RouterCfm.cfg with an admin:language=pt cookie, unauthorized users can bypass authentication measures. This can lead to exposure of sensitive configuration data, thereby compromising the security of the network within which the affected devices operate.

References

https://www.exploit-db.com/exploits/42916/

exploitx_refsource_EXPLOIT-DB

http://whiteboyz.xyz/authentication-bypass-intelbras-wrn-...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Sep 30, 2017