Cleartext Information Exposure in Intelbras InControl Software
CVE-2025-0784
Key Information:
- Vendor: Intelbras
- Status
- Incontrol
- Vendor
- CVE Published: 28 January 2025
Summary
A vulnerability exists in Intelbras InControl versions up to 2.21.58 that allows for the cleartext transmission of sensitive information through the Registered User Handler component. This issue enables remote attackers to intercept sensitive data, posing significant risks to user privacy and data integrity. Although exploiting this vulnerability requires considerable effort, it has been publicly disclosed, heightening the need for users to upgrade to version 2.21.59 to secure their systems.
Affected Version(s)
InControl 2.21.0
InControl 2.21.1
InControl 2.21.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- 🟡 Public PoC available
- 👾 Exploit known to exist
- Vulnerability published
- Vulnerability Reserved