Unquoted Search Path Vulnerability in Intelbras InControl Webcam Service
CVE-2024-6080

7.8HIGH

Key Information:

Vendor

Intelbras

Status
Incontrol
Vendor
CVE Published:
17 June 2024

What is CVE-2024-6080?

A significant security vulnerability has been identified in Intelbras InControl version 2.21.56, specifically within the incontrolWebcam Service. This flaw is categorized as an unquoted search path, which could lead to unauthorized execution of code under certain conditions. To exploit this vulnerability, an attacker requires local access to the system. Although details about the vulnerability were publicly disclosed, the vendor, Intelbras, was informed ahead of time and is actively working on a security patch. Users are strongly advised to upgrade to version 2.21.58 to mitigate any potential risks associated with this vulnerability.

Affected Version(s)

InControl 2.21.56

References

https://vuldb.com/?id.268822
vdb-entry
https://vuldb.com/?ctiid.268822
signaturepermissions-required
https://vuldb.com/?submit.353502
third-party-advisory

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Stux (VulDB User)
.