575 matches found
CVE-2019-11416
Intelbras IWR 3000N (firmware 1.5.0) is affected by a CSRF vulnerability that allows an attacker with network access to gain complete router control via v1/system/user. Root cause is a CSRF weakness enabling unauthorized configuration changes without proper authorization. Impact per sources is hi...
CVE-2019-11416
A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user...
CVE-2019-11415
CVE-2019-11415 affects Intelbras IWR 3000N devices (firmware 1.5.0). A malformed login request leads to remote denial of service (reboot) via JSON misparsing of the "}" string to v1/system/login. Impact: availability (HIGH). Remediation: upgrade to iwr-3000n-1.8.7_0 per advisories; PoC/exploit re...
CVE-2019-11414
CVE-2019-11414 affects Intelbras IWR 3000N devices running 1.5.0. The issue: when the administrator password is changed from a specific client IP address, administrative authorization remains available to any client at that IP, allowing complete control of the router. Root cause and detailed mech...
CVE-2019-11414
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router...
Intelbras NCLOUD 300 Router Default Credentials (Telnet)
Intelbras NCLOUD 300 Router have a default telnet password set. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Intelbras NCLOUD Devices Detection (HTTP)
HTTP based detection of Intelbras NCLOUD devices. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:embedthis:goahead"; ifdescripti...
Intelbras NPLUG Cross-Site Scripting Vulnerability
Intelbras NPLUG is a wireless relay device from Intelbras Poland. A cross-site scripting vulnerability exists in Intelbras NPLUG version 1.0.0.14. The vulnerability can be exploited by remote attackers to inject arbitrary web script or HTML via a specially crafted SSID...
Intelbras NPLUG License Issue Vulnerability
Intelbras NPLUG is a wireless relay device from Intelbras Poland. Intelbras NPLUG is vulnerable to an authorization issue. An attacker could exploit this vulnerability to bypass authentication...
CVE-2018-17337
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast...
CVE-2018-17337
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast...
CVE-2018-12456
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access...
CVE-2018-12455
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie...
CVE-2018-12455
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie...
Cross site request forgery (csrf)
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access...
Design/Logic Flaw
Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast...
Spoofing
Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie...
CVE-2018-12456
Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access...
CVE-2018-12455
CVE-2018-12455 affects Intelbras NPLUG 1.0.0.14. The NPLUG device is vulnerable to authentication bypass via a cookie named "admin:", enabling unauthenticated access to the web interface and risking exposure of credentials and configuration. Connected sources (Nuclei template, CNVD/CVE lists, and...
CVE-2018-12456
Vulnerability summary (CVE-2018-12456): Intelbras NPLUG 1.0.0.14 wireless repeater web interface lacks CSRF token protection, enabling a CSRF-based attack that can modify the SSID, reboot the device, edit the access control list, or activate remote access. The CNVD entry confirms the CSRF vulnera...