| タイトル | Intelbras VIP 3260 Z IA v2.840.00IB005.0.T Weak Password Recovery |
|---|
| 説明 | A critical vulnerability was identified in Intelbras security cameras that allows an unauthenticated remote attacker to reset the administrator account password.
The issue exists in the password recovery mechanism of the camera’s web interface. Due to insufficient server-side validation, the backend incorrectly trusts the result of a security code validation handled by the client. The validation of the recovery code and the administrator password update are processed in separate requests, and the backend does not properly enforce verification when handling the password change.
As a result, an attacker can bypass the security code verification process and successfully change the administrator password without authentication. This leads to full compromise of the device, including unauthorized administrative access and the ability to view live camera feeds.
Intelbras was responsibly notified of this issue and has released a fix prior to public disclosure. |
|---|
| ユーザー | ak7r4 (UID 94641) |
|---|
| 送信 | 2026年01月19日 03:08 (3 月 ago) |
|---|
| モデレーション | 2026年02月15日 20:22 (28 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 346171 [Intelbras VIP 3260 Z IA 2.840.00IB005.0.T /OutsideCmd 特権昇格] |
|---|
| ポイント | 17 |
|---|