ID CVE-2018-11094
Summary An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
References
Vulnerable Configurations
CVSS
Base: None
Impact:
Exploitability:
packetstorm via4
data source https://packetstormsecurity.com/files/download/147682/intelbrasncloud30010-bypass.txt
id PACKETSTORM:147682
last seen 2018-05-18
published 2018-05-17
reporter Pedro Aguiar
source https://packetstormsecurity.com/files/147682/Intelbras-NCLOUD-300-1.0-Authentication-Bypass.html
title Intelbras NCLOUD 300 1.0 Authentication Bypass
refmap via4
misc https://blog.kos-lab.com/Hello-World/
Last major update 15-05-2018 - 15:29
Published 15-05-2018 - 15:29
Last modified 19-05-2018 - 21:29
Back to Top