Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
Intelbras ICIP Unprotected Storage of Credentials Vulnerability
Vulnerability
A vulnerability in Intelbras ICIP version 2.0.20 allows for the unprotected storage of credentials. This issue arises from an unknown function in the file '/xml/sistema/acessodeusuario.xml', where manipulation of the 'NomeUsuario/SenhaAcess' argument leads to the plaintext storage of administrative usernames and passwords. The vulnerability can be exploited remotely without authentication, enabling full device takeover.
Impact
Exploitation of this vulnerability allows for unauthorized access to administrative credentials, which can be used for complete control over the affected device.
Reproduction
The vulnerability can be reproduced by sending a request to the '/xml/sistema/acessodeusuario.xml' file with manipulated 'NomeUsuario' and 'SenhaAcess' arguments. This can be done remotely, and no authentication is required.
Remediation
It is recommended to implement restrictive firewalling to block unauthorized access to the vulnerable file.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.