mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 17:22:02 +00:00
916 B
916 B
CVE-2018-11094
Description
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
POC
Reference
- https://blog.kos-lab.com/Hello-World/
- https://blog.kos-lab.com/Hello-World/
- https://www.exploit-db.com/exploits/44637/
- https://www.exploit-db.com/exploits/44637/
Github
No PoCs found on GitHub currently.