Credential Disclosure Vulnerability in Intelbras IWR 1000N Devices
CVE-2019-17600
9.8CRITICAL
Summary
The Intelbras IWR 1000N devices, specifically version 1.6.4, contain a vulnerability that enables unauthorized disclosure of the administrator's login credentials. This issue arises due to improper handling of requests to the /v1/system/user endpoint, which can be exploited to expose sensitive information, including usernames and passwords. Organizations utilizing these devices should take immediate action to secure their systems against potential unauthorized access.
References
CVSS V3.1
Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved