Authentication Bypass Vulnerability in Intelbras WRN240 Devices
CVE-2019-19142

7.5HIGH

Key Information:

Vendor: Intelbras
Status: Wrn 240 Firmware
Vendor: CVE Published:; 17 January 2020

Summary

The Intelbras WRN240 devices are susceptible to an authentication bypass vulnerability that allows unauthorized users to replace the firmware without needing authentication. This major flaw can lead to significant security risks, including potential control over the device and exploitation of sensitive data. Attackers can exploit this vulnerability by sending a POST request to the Firmware.cfg URI, enabling them to modify the device firmware at will without any authentication checks.

References

https://fireshellsecurity.team/hack-n-routers/

x_refsource_MISC

http://packetstormsecurity.com/files/156589/Intelbras-Wir...

x_refsource_MISC

EPSS Score

12% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 17, 2020
Vulnerability Reserved
Nov 21, 2019