Path Traversal Vulnerability in Intelbras VIP Series Products
CVE-2024-12897

5.3 MEDIUM

Key Information:

Vendor: Intelbras
CVE Published: 23 December 2024

Badges

👾 Exploit Exists

Summary

A path traversal vulnerability has been discovered in the Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3, and VIP S4320 G2 models. It can be exploited remotely via their Web Interface. The vulnerability originates from an insecure component of the file structure related to 'Sha1Account1', which allows an attacker to manipulate file paths beyond their intended limits. If exploited, this can lead to unauthorized access to sensitive files on the affected systems. Because details of the vulnerability have been publicly disclosed, public exploitation is possible, so users of these products should monitor for updates and apply the necessary mitigations promptly.

Affected Version(s)

VIP S3020 G2 20241222

VIP S4020 G2 20241222

VIP S4020 G3 20241222

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability Reserved

Credit

netsecfish (VulDB User)