Intelbras NPLUG License Issue Vulnerability

Intelbras NPLUG is a wireless relay device from Intelbras Poland. Intelbras NPLUG is vulnerable to an authorization issue. An attacker could exploit this vulnerability to bypass authentication...

CVE-2018-17337

Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast...

CVE-2018-17337

Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast...

CVE-2018-12455

Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie...

CVE-2018-12455

Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie...

CVE-2018-12456

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access...

Cross site request forgery (csrf)

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access...

Design/Logic Flaw

Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast...

Spoofing

Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie...

CVE-2018-17337

Intelbras NPLUG 1.0.0.14 devices have XSS via a crafted SSID that is received via a network broadcast...

CVE-2018-12455

CVE-2018-12455 affects Intelbras NPLUG 1.0.0.14. The NPLUG device is vulnerable to authentication bypass via a cookie named "admin:", enabling unauthenticated access to the web interface and risking exposure of credentials and configuration. Connected sources (Nuclei template, CNVD/CVE lists, and...

CVE-2018-12456

Vulnerability summary (CVE-2018-12456): Intelbras NPLUG 1.0.0.14 wireless repeater web interface lacks CSRF token protection, enabling a CSRF-based attack that can modify the SSID, reboot the device, edit the access control list, or activate remote access. The CNVD entry confirms the CSRF vulnera...

CVE-2018-17337

CVE-2018-17337 affects Intelbras NPLUG 1.0.0.14. The connected documents confirm a cross-site scripting (XSS) vulnerability that can be triggered by a specially crafted SSID received over a network broadcast. The root cause is the handling of SSID data leading to script/HTML injection. The report...

CVE-2018-12455

Intelbras NPLUG 1.0.0.14 wireless repeater devices have a critical vulnerability that allows an attacker to authenticate in the web interface just by using "admin:" as the name of a cookie...

CVE-2018-12456

Intelbras NPLUG 1.0.0.14 wireless repeater devices have no CSRF token protection in the web interface, allowing attackers to perform actions such as changing the wireless SSID, rebooting the device, editing access control lists, or activating remote access...

NPLUG Wireless Repeater 1.0.0.14 CSRF / XSS / Authentication Bypass Vulnerabilities

NPLUG Wireless Repeater version 1.0.0.14 suffers from authentication bypass, cross site request forgery, and cross site scripting vulnerabilities. ===== Tempest Security Intelligence ===================================== Multiple vulnerabilities in NPLUG wireless repeater CVE-2018-12455:...

NPLUG Wireless Repeater 1.0.0.14 CSRF / XSS / Authentication Bypass

===== Tempest Security Intelligence ===================================== Multiple vulnerabilities in NPLUG wireless repeater CVE-2018-12455: Authentication bypass CVE-2018-12456: Multiple CSRF CVE-2018-17337: XSS via SSID ------------------------------------------------------- Author: - Patrick...