CVE-2024-12897

MEDIUM

Intelbras VIP S3020 G2-VIP S4320 G2 20241222 - Path Traversal

Title source: llm

Description

A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Various Sources] https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4

[Various Sources] https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.289167

[Permissions Required, VDB Entry] https://vuldb.com/?id.289167

[Permissions Required, VDB Entry] https://vuldb.com/?submit.464260

Scores

CVSS v3 4.3

EPSS 0.0018

EPSS Percentile 39.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-24 CWE-23

Status draft

Timeline

Published Dec 23, 2024

Tracked Since Feb 18, 2026