Description
An issue was discovered on Intex N150 devices. The backup/restore option does not check the file extension uploaded for importing a configuration files backup, which can lead to corrupting the router firmware settings or even the uploading of malicious files. In order to exploit the vulnerability, an attacker can upload any malicious file and force reboot the router with it.
Exploits (1)
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/44933/
Exploit, Third Party Advisory x_refsource_misc
http://securitywarrior9.blogspot.com/2018/06/malicious-file-upload-intex-router-n.html
Scores
CVSS v3
8.1
EPSS
0.0052
EPSS Percentile
66.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (1)
intex/n150_firmware
Published
Jul 02, 2018
Tracked Since
Feb 18, 2026