| 제목 | Intelbras VIP 3260 Z IA v2.840.00IB005.0.T Weak Password Recovery |
|---|
| 설명 | A critical vulnerability was identified in Intelbras security cameras that allows an unauthenticated remote attacker to reset the administrator account password.
The issue exists in the password recovery mechanism of the camera’s web interface. Due to insufficient server-side validation, the backend incorrectly trusts the result of a security code validation handled by the client. The validation of the recovery code and the administrator password update are processed in separate requests, and the backend does not properly enforce verification when handling the password change.
As a result, an attacker can bypass the security code verification process and successfully change the administrator password without authentication. This leads to full compromise of the device, including unauthorized administrative access and the ability to view live camera feeds.
Intelbras was responsibly notified of this issue and has released a fix prior to public disclosure. |
|---|
| 사용자 | ak7r4 (UID 94641) |
|---|
| 제출 | 2026. 01. 19. AM 03:08 (3 개월 ago) |
|---|
| 모더레이션 | 2026. 02. 15. PM 08:22 (28 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 346171 [Intelbras VIP 3260 Z IA 2.840.00IB005.0.T /OutsideCmd 권한 상승] |
|---|
| 포인트들 | 17 |
|---|