Path Traversal Vulnerability in Intelbras VIP Series Products
CVE-2024-12897
Summary
A path traversal vulnerability has been discovered in the Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3, and VIP S4320 G2 models, and it can be exploited remotely through their Web Interface. The flaw originates in an insecure component of the file structure related to 'Sha1Account1' and allows an attacker to manipulate file paths beyond their intended limits. Successful exploitation can lead to unauthorized access to sensitive files on the affected systems, which is a serious security risk. Because details of the vulnerability have been disclosed, public exploitation is possible, and users of these products should monitor for updates and apply the necessary mitigations promptly.
Affected Version(s)
VIP S3020 G2 20241222
VIP S4020 G2 20241222
VIP S4020 G3 20241222
Timeline
Vulnerability published
Public PoC available
Exploit known to exist
Vulnerability Reserved