CVE-2019-20004

HIGH

Intelbras Iwr 3000n Firmware - Password Reset Weakness

Title source: rule

Description

An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.

References (2)

[Various Sources] https://medium.com/%40rsantos_14778/remote-control-cve-2019-20004-21f77e976715

[Vendor Advisory] http://en.intelbras.com.br/downloads

Scores

CVSS v3 8.8

EPSS 0.0035

EPSS Percentile 57.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-640

Status published

Products (1)

intelbras/iwr_3000n_firmware 1.8.7

Published Jan 05, 2020

Tracked Since Feb 18, 2026