| Título | Intelbras VIP 3260 Z IA v2.840.00IB005.0.T Weak Password Recovery |
|---|
| Descrição | A critical vulnerability was identified in Intelbras security cameras that allows an unauthenticated remote attacker to reset the administrator account password.
The issue exists in the password recovery mechanism of the camera’s web interface. Due to insufficient server-side validation, the backend incorrectly trusts the result of a security code validation handled by the client. The validation of the recovery code and the administrator password update are processed in separate requests, and the backend does not properly enforce verification when handling the password change.
As a result, an attacker can bypass the security code verification process and successfully change the administrator password without authentication. This leads to full compromise of the device, including unauthorized administrative access and the ability to view live camera feeds.
Intelbras was responsibly notified of this issue and has released a fix prior to public disclosure. |
|---|
| Utilizador | ak7r4 (UID 94641) |
|---|
| Submissão | 19/01/2026 03h08 (há 3 meses) |
|---|
| Moderação | 15/02/2026 20h22 (28 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 346171 [Intelbras VIP 3260 Z IA 2.840.00IB005.0.T /OutsideCmd Elevação de Privilégios] |
|---|
| Pontos | 17 |
|---|