CVE-2024-3160

MEDIUM

Intelbras MHDX and HDCVI - Information Disclosure via /cap.js HTTP GET Request

Title source: llm

Description

** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user.

References (4)

Core 4

Core References

Permissions Required, VDB Entry vdb-entry

https://vuldb.com/?id.258933

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.258933

Permissions Required, VDB Entry third-party-advisory

https://vuldb.com/?submit.305410

Various Sources exploit

https://github.com/netsecfish/intelbras_cap_js

View Writeup ZIP pw:eip

Scores

CVSS v3 5.3

EPSS 0.0067

EPSS Percentile 47.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (6)

Intelbras/HDCVI 1008 20240401

Intelbras/HDCVI 1016 20240401

Intelbras/MHDX 1004 20240401

Intelbras/MHDX 1008 20240401

Intelbras/MHDX 1016 20240401

Intelbras/MHDX 5016 20240401

Published Apr 02, 2024

Tracked Since Feb 18, 2026