Administrative Control Flaw in Intelbras IWR 3000N Router
CVE-2019-11414

8.8HIGH

Key Information:

Vendor
Intelbras
Vendor
CVE Published:
22 April 2019

Summary

A security flaw has been identified in the Intelbras IWR 3000N 1.5.0 devices. When an administrator changes the router's password from a specific client IP address, the router fails to properly revoke administrative access for that IP address. This oversight allows any client operating from the same address to maintain unrestricted control over the router, posing significant security risks. Immediate attention to this issue is necessary to prevent unauthorized access to sensitive administrative functions.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.