Cross-site Scripting Vulnerability in Intelbras Win 240 Devices
CVE-2018-10369

9.8CRITICAL

Key Information:

Vendor: Intelbras
Status: Win 240 Firmware
Vendor: CVE Published:; 15 August 2018

What is CVE-2018-10369?

A Cross-site Scripting (XSS) vulnerability was identified in Intelbras Win 240 V1.1.0 devices, which allows attackers to modify the administrator password without requiring authentication. This flaw exposes devices to unauthorized access and potential manipulation, emphasizing the need for immediate security measures to protect sensitive information and maintain network integrity.

References

https://medium.com/%40julianpedrobraga/router-hacking-des...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 15, 2018
Vulnerability Reserved
Apr 25, 2018