CVE-2024-12897

MEDIUM

Intelbras VIP S3020 G2-VIP S4320 G2 20241222 - Path Traversal

Title source: llm

Description

A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

References (5)

[Various Sources] https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7

[Permissions Required, VDB Entry] https://vuldb.com/?id.289167

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.289167

[Permissions Required, VDB Entry] https://vuldb.com/?submit.464260

[Various Sources] https://netsecfish.notion.site/Path-Traversal-Vulnerability-in-IntelBras-IP-Cameras-mtd-Config-Sha1Account1-and-mtd-Confi-15e6b683e67c80809442ee3425f753b7?pvs=4

Scores

CVSS v3 4.3

EPSS 0.0018

EPSS Percentile 39.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-23 CWE-24

Status published

Products (4)

Intelbras/VIP S3020 G2 20241222

Intelbras/VIP S4020 G2 20241222

Intelbras/VIP S4020 G3 20241222

Intelbras/VIP S4320 G2 20241222

Published Dec 23, 2024

Tracked Since Feb 18, 2026