CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-11094

An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.681

EPSS Ranking 98.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

https://blog.kos-lab.com/Hello-World/
https://www.exploit-db.com/exploits/44637/
https://blog.kos-lab.com/Hello-World/
https://www.exploit-db.com/exploits/44637/

Products affected by CVE-2018-11094

Intelbras » Ncloud 300 » Version: N/A

cpe:2.3:h:intelbras:ncloud_300:-
Intelbras » Ncloud 300 Firmware » Version: 1.0

cpe:2.3:o:intelbras:ncloud_300_firmware:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-11094

Products

Pricing

Contact Us