Intelbras VIP 3260 Z IA Password Recovery Vulnerability
Vulnerability
A critical vulnerability exists in the Intelbras VIP 3260 Z IA, version 2.840.00IB005.0.T, that allows remote, unauthenticated attackers to exploit a weakness in the password recovery mechanism. The issue arises from inadequate server-side validation in the web interface: the backend relies on security code verification performed on the client side rather than validating the code on the server. Attackers can therefore bypass the verification step and change the administrator password, gaining unauthorized access to and control over the device, including the ability to view live camera feeds.
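The flaw class described above, as an added illustration that is not Intelbras firmware code and not part of the original advisory: a password-reset handler that trusts a client-reported verification result, beside one that validates the security code on the server. The class, the request fields (`code_verified`, `code`, `new_password`), the TTL and the attempt limit are all assumptions.

```python
import hmac
import secrets
import time

CODE_TTL = 300      # seconds a recovery code stays valid (assumed policy)
MAX_ATTEMPTS = 5    # wrong guesses allowed before the code is burned (assumed)

class RecoveryService:
    """Hypothetical backend used only to contrast the two patterns."""
    def __init__(self):
        self.passwords = {"admin": "initial-secret"}  # constructed sample data
        self._pending = {}  # user -> [code, expiry, attempts_left], server-side only

    def issue_code(self, user, now=None):
        now = time.time() if now is None else now
        code = f"{secrets.randbelow(10**8):08d}"
        self._pending[user] = [code, now + CODE_TTL, MAX_ATTEMPTS]
        return code  # in practice delivered out of band, never echoed to the browser

    def reset_weak(self, req):
        # Flawed pattern: the client says it already verified the code.
        if req.get("code_verified"):
            self.passwords[req["user"]] = req["new_password"]
            return True
        return False

    def reset_hardened(self, req, now=None):
        # Server-side check: ignore client flags, compare against stored state.
        now = time.time() if now is None else now
        user = req.get("user")
        entry = self._pending.get(user)
        if entry is None:
            return False
        code, expiry, attempts = entry
        if now > expiry or attempts <= 0:
            del self._pending[user]
            return False
        supplied = str(req.get("code", "")).encode()
        if not hmac.compare_digest(code.encode(), supplied):
            entry[2] -= 1  # count the failed guess
            return False
        del self._pending[user]  # single use
        self.passwords[user] = req["new_password"]
        return True
```
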
Impact
Exploitation of this vulnerability allows for unauthorized administrative access to the device, including full control over the camera and access to live video feeds.
Remediation
Users are advised to upgrade to the latest Intelbras VIP 3260 Z IA firmware; a patch was released prior to the public disclosure of this vulnerability.
