CVE Vulnerability

CVE-2019-11414

An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
http://1.337.zone/2019/04/07/intelbras-iwr-3000n-1-5-0-unproper-de-authorization/ Exploit Third Party Advisory
Configurations

Configuration 1
Information

Published : 2019-04-22 11:29

Updated : 2019-04-22 08:17

NVD link : CVE-2019-11414

Mitre link : CVE-2019-11414

Products Affected

Intelbras

Iwr 3000n Firmware

CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password