An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
References
Link | Resource |
---|---|
https://medium.com/@rsantos_14778/remote-control-cve-2019-20004-21f77e976715 | Exploit Third Party Advisory |
http://en.intelbras.com.br/downloads | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2020-01-05 15:15
Updated : 2020-01-14 10:20
NVD link : CVE-2019-20004
Mitre link : CVE-2019-20004
JSON object : View
CWE
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
Products Affected
intelbras
- iwr_3000n_firmware
- iwr_3000n