CVE-2019-20004

EUVD-2019-10561
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
Affected Products (NVD)
VendorProductVersion
intelbrasiwr_3000n_firmware
1.8.7
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://en.intelbras.com.br/downloads
https://medium.com/%40rsantos_14778/remote-control-cve-2019-20004-21f77e976715
http://en.intelbras.com.br/downloads
https://medium.com/%40rsantos_14778/remote-control-cve-2019-20004-21f77e976715