Credential Disclosure Vulnerability in Intelbras IWR 1000N Devices
CVE-2019-17600

9.8CRITICAL

Key Information:

Vendor: Intelbras
Status: Iwr 1000n Firmware
Vendor: CVE Published:; 15 October 2019

Summary

The Intelbras IWR 1000N devices, specifically version 1.6.4, contain a vulnerability that enables unauthorized disclosure of the administrator's login credentials. This issue arises due to improper handling of requests to the /v1/system/user endpoint, which can be exploited to expose sensitive information, including usernames and passwords. Organizations utilizing these devices should take immediate action to secure their systems against potential unauthorized access.

References

https://pastebin.com/QbhVPyXm

x_refsource_MISC

https://www.exploit-db.com/exploits/46770/

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 15, 2019
Vulnerability Reserved
Oct 15, 2019