CVE Details
Basic Information
| Title | Intelbras InControl JSON Endpoint operador information disclosure |
|---|---|
| Type | cve |
| Published | 2025-08-04T10:32:05.124Z |
| Modified | 2025-08-04T10:32:05.124Z |
Product Information
| Vendor | Intelbras |
|---|---|
| Product | InControl |
| Version | 2.21.60.9 |
CVSS Information
| Base Score | 2.3 (LOW) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | An information disclosure vulnerability exists in the JSON Endpoint of Intelbras InControl version 2.21.60.9. This allows remote attackers to access sensitive data via the /v1/operador/ endpoint. The vulnerability is considered difficult to exploit due to its high attack complexity. |
|---|---|
| AI Severity | Low |
| AI Vendor | Intelbras |
| AI Product | InControl |
| AI Version | 2.21.60.9 |
Affected Products
- Intelbras InControl 2.21.60.9
Additional Information
| CWE List | CWE-200, CWE-284 |
|---|---|
| Source | VulDB |
Description
A vulnerability was found in Intelbras InControl 2.21.60.9 and classified as problematic. This issue affects some unknown processing of the file /v1/operador/ of the component JSON Endpoint. The manipulation leads to information disclosure. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component.