Credential Disclosure Vulnerability in Intelbras IWR 1000N Devices
CVE-2019-17600

9.8CRITICAL

Key Information:

Vendor
Intelbras
Vendor
CVE Published:
15 October 2019

Summary

The Intelbras IWR 1000N devices, specifically version 1.6.4, contain a vulnerability that enables unauthorized disclosure of the administrator's login credentials. This issue arises due to improper handling of requests to the /v1/system/user endpoint, which can be exploited to expose sensitive information, including usernames and passwords. Organizations utilizing these devices should take immediate action to secure their systems against potential unauthorized access.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.