Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote authenticated admins to read arbitrary files via the /cgi-bin/cgiServer.exx page parameter, aka absolute path traversal. In some cases, authentication can be achieved via the admin account with its default admin password.
References
| Link | Resource |
|---|---|
| https://www.exploit-db.com/exploits/44317/ | Exploit Third Party Advisory VDB Entry |
| https://www.exploit-db.com/exploits/44317/ | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 04:14
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.exploit-db.com/exploits/44317/ - Exploit, Third Party Advisory, VDB Entry |
09 Sep 2021, 01:26
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:o:intelbras:telefone_ip_firmware:60.0.75.29:*:*:*:*:*:*:* cpe:2.3:h:intelbras:telefone_ip_tip200:-:*:*:*:lite:*:*:* |
cpe:2.3:o:intelbras:tip200lite_firmware:60.0.75.29:*:*:*:*:*:*:* cpe:2.3:o:intelbras:tip200_firmware:60.0.75.29:*:*:*:*:*:*:* cpe:2.3:h:intelbras:tip200:-:*:*:*:*:*:*:* cpe:2.3:h:intelbras:tip200lite:-:*:*:*:*:*:*:* |
| CVSS |
v2 : v3 : |
v2 : 4.0
v3 : 7.2 |
Information
Published : 2018-03-25 18:29
Updated : 2024-11-21 04:14
NVD link : CVE-2018-9010
Mitre link : CVE-2018-9010
CVE.ORG link : CVE-2018-9010
JSON object : View
Products Affected
intelbras
- tip200_firmware
- tip200lite_firmware
- tip200lite
- tip200
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')