Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-10369

A Cross-site scripting (XSS) vulnerability was discovered on Intelbras Win 240 V1.1.0 devices. An attacker can change the Admin Password without a Login.

Published

2018-08-15T17:29:00.313

Last Modified

2024-11-21T03:41:16.927

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	intelbras	win_240_firmware	1.1.0	Yes
Hardware	intelbras	win_240	-	No

References

https://medium.com/%40julianpedrobraga/router-hacking-destrinchando-o-elo-mais-fraco-de-uma-rede-4d0e7fcfbd9e ([email protected])
https://medium.com/%40julianpedrobraga/router-hacking-destrinchando-o-elo-mais-fraco-de-uma-rede-4d0e7fcfbd9e (af854a3a-2127-422b-91ae-364da2661108)