Summary
| Detail | |||
|---|---|---|---|
| Vendor | Intelbras | First view | 2019-04-22 |
| Product | Iwr 3000n Firmware | Last view | 2020-01-05 |
| Version | Type | ||
| Update | |||
| Edition | |||
| Language | |||
| Sofware Edition | |||
| Target Software | |||
| Target Hardware | |||
| Other | |||
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
| CPE Name | Affected CVE |
|---|---|
| cpe:2.3:o:intelbras:iwr_3000n_firmware:1.8.7:*:*:*:*:*:*:* | 4 |
| cpe:2.3:o:intelbras:iwr_3000n_firmware:1.5.0:*:*:*:*:*:*:* | 3 |
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 8.8 | 2020-01-05 | CVE-2019-20004 | An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. |
| 7.5 | 2019-12-26 | CVE-2019-19996 | An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. |
| 8.8 | 2019-12-26 | CVE-2019-19995 | A CSRF issue was discovered on Intelbras IWR 3000N 1.8.7 devices, leading to complete control of the router, as demonstrated by v1/system/user. |
| 7.2 | 2019-12-05 | CVE-2019-19007 | Intelbras IWR 3000N 1.8.7 devices allow disclosure of the administrator login name and password because v1/system/user is mishandled, a related issue to CVE-2019-17600. |
| 8.8 | 2019-04-22 | CVE-2019-11416 | A CSRF issue was discovered on Intelbras IWR 3000N 1.5.0 devices, leading to complete control of the router, as demonstrated by v1/system/user. |
| 7.5 | 2019-04-22 | CVE-2019-11415 | An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login. |
| 8.8 | 2019-04-22 | CVE-2019-11414 | An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 40% (2) | CWE-640 | Weak Password Recovery Mechanism for Forgotten Password |
| 40% (2) | CWE-352 | Cross-Site Request Forgery (CSRF) |
| 20% (1) | CWE-200 | Information Exposure |
