Administrative Control Flaw in Intelbras IWR 3000N Router
CVE-2019-11414

8.8HIGH

Key Information:

Vendor: Intelbras
Status: Iwr 3000n Firmware
Vendor: CVE Published:; 22 April 2019

Summary

A security flaw has been identified in the Intelbras IWR 3000N 1.5.0 devices. When an administrator changes the router's password from a specific client IP address, the router fails to properly revoke administrative access for that IP address. This oversight allows any client operating from the same address to maintain unrestricted control over the router, posing significant security risks. Immediate attention to this issue is necessary to prevent unauthorized access to sensitive administrative functions.

References

http://1.337.zone/2019/04/07/intelbras-iwr-3000n-1-5-0-un...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2019
Vulnerability Reserved
Apr 21, 2019