Description
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
http://1.337.zone/2019/04/07/intelbras-iwr-3000n-1-5-0-unproper-de-authorization/
Scores
CVSS v3
8.8
EPSS
0.0132
EPSS Percentile
67.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-640
Status
published
Products (1)
intelbras/iwr_3000n_firmware
1.5.0
Published
Apr 22, 2019
Tracked Since
Feb 18, 2026