Cleartext Information Exposure in Intelbras InControl Software
CVE-2025-0784

6.3MEDIUM

Key Information:

Vendor
Intelbras
Status
Incontrol
Vendor
CVE Published:
28 January 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in Intelbras InControl versions up to 2.21.58 that allows for the cleartext transmission of sensitive information through the Registered User Handler component. This issue enables remote attackers to intercept sensitive data, posing significant risks to user privacy and data integrity. Although exploiting this vulnerability requires considerable effort, it has been publicly disclosed, heightening the need for users to upgrade to version 2.21.59 to secure their systems.

Affected Version(s)

InControl 2.21.0

InControl 2.21.1

InControl 2.21.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

eldruin (VulDB User)
.