Today > 2 Critical | 5 High | 12 Medium | 1 Low vulnerabilities   -   You can now download lists of IOCs here!

CVE-2024-12897

Dec. 24, 2024, 4:15 p.m.

CVSS Score

4.3 / 10

Product(s) Impacted

Intelbras VIP Series

  • S3020 G2
  • S4020 G2
  • S4020 G3
  • S4320 G2 up to 20241222

Description

A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Weaknesses

CWE-23
Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

CWE ID: 23

Date

Published: Dec. 23, 2024, 12:15 a.m.

Last Modified: Dec. 24, 2024, 4:15 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cna@vuldb.com

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

Base Score
4.3
Exploitability Score
2.8
Impact Score
1.4
Base Severity
MEDIUM
CVSS Vector String

The CVSS vector string provides an in-depth view of the vulnerability metrics.

View Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References


https://vuldb.com/ cna@vuldb.com

https://vuldb.com/ cna@vuldb.com

https://vuldb.com/ cna@vuldb.com

https://netsecfish.notion.site/ 134c704f-9b21-4f2e-91b3-4a467353bcc0