Cross-Site Scripting in Intelbras VoIP Devices
CVE-2020-12262

5.4MEDIUM

Key Information:

Vendor
Intelbras
Status
Tip200 Firmware
Vendor
CVE Published:
27 November 2020

Summary

Intelbras VoIP devices, specifically the TIP200, TIP200LITE, and TIP300 models, are susceptible to a Cross-Site Scripting (XSS) vulnerability. This flaw allows an attacker to inject malicious scripts through the vulnerable CGI endpoint /cgi-bin/cgiServer.exx?page=, potentially enabling unauthorized access or manipulation of user data. Users of these devices are strongly advised to implement security measures to minimize the risk of exploitation and ensure the integrity of their communications.

References

https://www.youtube.com/watch?v=rihboOgiJRs
x_refsource_MISC
https://blog.skullsec.com.br/CVE-2020-12262/
x_refsource_MISC
https://lucxs.medium.com/cve-2020-12262-xss-voip-intelbra...
x_refsource_MISC

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.