CVE-2024-3160 (GCVE-0-2024-3160)
Vulnerability from cvelistv5 – Published: 2024-04-02 02:31 – Updated: 2024-08-26 14:36
VLAI?
Summary
** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user.
Severity ?
5.3 (Medium)
5.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
Credits
netsecfish (VulDB User)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:05:07.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-258933 | Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "https://vuldb.com/?id.258933"
},
{
"name": "VDB-258933 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.258933"
},
{
"name": "Submit #305410 | Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008, HDCVI 1016 N/A Exposure of Sensitive Information to an Unauthorized Actor",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.305410"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/netsecfish/intelbras_cap_js"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:o:intelbras:mhdx_1004_firmware:20240401:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mhdx_1004_firmware",
"vendor": "intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"cpes": [
"cpe:2.3:o:intelbras:mhdx_1008_firmware:20240401:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mhdx_1008_firmware",
"vendor": "intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"cpes": [
"cpe:2.3:o:intelbras:mhdx_1016_firmware:20240401:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mhdx_1016_firmware",
"vendor": "intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"cpes": [
"cpe:2.3:o:intelbras:mhdx_5016_firmware:20240401:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mhdx_5016_firmware",
"vendor": "intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"cpes": [
"cpe:2.3:o:intelbras:hdcvi_1008_firmware:20240401:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hdcvi_1008_firmware",
"vendor": "intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"cpes": [
"cpe:2.3:o:intelbras:hdcvi_1016_firmware:20240401:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "hdcvi_1016_firmware",
"vendor": "intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3160",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-26T14:06:12.963161Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-26T14:36:13.448Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"HTTP GET Request Handler"
],
"product": "MHDX 1004",
"vendor": "Intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "MHDX 1008",
"vendor": "Intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "MHDX 1016",
"vendor": "Intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "MHDX 5016",
"vendor": "Intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "HDCVI 1008",
"vendor": "Intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
},
{
"modules": [
"HTTP GET Request Handler"
],
"product": "HDCVI 1016",
"vendor": "Intelbras",
"versions": [
{
"status": "affected",
"version": "20240401"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "netsecfish (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 bis 20240401 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /cap.js der Komponente HTTP GET Request Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-02T02:31:04.579Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-258933 | Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.258933"
},
{
"name": "VDB-258933 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.258933"
},
{
"name": "Submit #305410 | Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008, HDCVI 1016 N/A Exposure of Sensitive Information to an Unauthorized Actor",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.305410"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/netsecfish/intelbras_cap_js"
}
],
"tags": [
"disputed"
],
"timeline": [
{
"lang": "en",
"time": "2024-04-01T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-01T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-04-01T22:30:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3160",
"datePublished": "2024-04-02T02:31:04.579Z",
"dateReserved": "2024-04-01T20:25:10.650Z",
"dateUpdated": "2024-08-26T14:36:13.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"cveTags": "[{\"sourceIdentifier\": \"cna@vuldb.com\", \"tags\": [\"disputed\"]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user.\"}, {\"lang\": \"es\", \"value\": \"** EN DISPUTA ** Se ha encontrado una vulnerabilidad clasificada como problem\\u00e1tica en Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 y HDCVI 1016 hasta 20240401. Esto afecta a una parte desconocida del archivo /cap.js del componente HTTP GET Request Handler. La manipulaci\\u00f3n conduce a la divulgaci\\u00f3n de informaci\\u00f3n. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\\u00fablico y puede utilizarse. Por el momento todav\\u00eda se duda de la existencia real de esta vulnerabilidad. A esta vulnerabilidad se le asign\\u00f3 el identificador VDB-258933. NOTA: El proveedor explica que no clasifica la informaci\\u00f3n mostrada como sensible y por lo tanto no existe ninguna vulnerabilidad que est\\u00e9 a punto de da\\u00f1ar al usuario.\"}]",
"id": "CVE-2024-3160",
"lastModified": "2024-11-21T09:29:02.200",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}], \"cvssMetricV2\": [{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2024-04-02T03:15:19.010",
"references": "[{\"url\": \"https://github.com/netsecfish/intelbras_cap_js\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?ctiid.258933\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?id.258933\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://vuldb.com/?submit.305410\", \"source\": \"cna@vuldb.com\"}, {\"url\": \"https://github.com/netsecfish/intelbras_cap_js\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://vuldb.com/?ctiid.258933\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://vuldb.com/?id.258933\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://vuldb.com/?submit.305410\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cna@vuldb.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"cna@vuldb.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-3160\",\"sourceIdentifier\":\"cna@vuldb.com\",\"published\":\"2024-04-02T03:15:19.010\",\"lastModified\":\"2024-11-21T09:29:02.200\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[{\"sourceIdentifier\":\"cna@vuldb.com\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user.\"},{\"lang\":\"es\",\"value\":\"** EN DISPUTA ** Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 y HDCVI 1016 hasta 20240401. Esto afecta a una parte desconocida del archivo /cap.js del componente HTTP GET Request Handler. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Por el momento todav\u00eda se duda de la existencia real de esta vulnerabilidad. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-258933. NOTA: El proveedor explica que no clasifica la informaci\u00f3n mostrada como sensible y por lo tanto no existe ninguna vulnerabilidad que est\u00e9 a punto de da\u00f1ar al usuario.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cna@vuldb.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"references\":[{\"url\":\"https://github.com/netsecfish/intelbras_cap_js\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?ctiid.258933\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?id.258933\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://vuldb.com/?submit.305410\",\"source\":\"cna@vuldb.com\"},{\"url\":\"https://github.com/netsecfish/intelbras_cap_js\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://vuldb.com/?ctiid.258933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://vuldb.com/?id.258933\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://vuldb.com/?submit.305410\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://vuldb.com/?id.258933\", \"name\": \"VDB-258933 | Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure\", \"tags\": [\"vdb-entry\", \"x_transferred\"]}, {\"url\": \"https://vuldb.com/?ctiid.258933\", \"name\": \"VDB-258933 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\", \"x_transferred\"]}, {\"url\": \"https://vuldb.com/?submit.305410\", \"name\": \"Submit #305410 | Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008, HDCVI 1016 N/A Exposure of Sensitive Information to an Unauthorized Actor\", \"tags\": [\"third-party-advisory\", \"x_transferred\"]}, {\"url\": \"https://github.com/netsecfish/intelbras_cap_js\", \"tags\": [\"exploit\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:05:07.039Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3160\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-26T14:06:12.963161Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:intelbras:mhdx_1004_firmware:20240401:*:*:*:*:*:*:*\"], \"vendor\": \"intelbras\", \"product\": \"mhdx_1004_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:intelbras:mhdx_1008_firmware:20240401:*:*:*:*:*:*:*\"], \"vendor\": \"intelbras\", \"product\": \"mhdx_1008_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:intelbras:mhdx_1016_firmware:20240401:*:*:*:*:*:*:*\"], \"vendor\": \"intelbras\", \"product\": \"mhdx_1016_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:intelbras:mhdx_5016_firmware:20240401:*:*:*:*:*:*:*\"], \"vendor\": \"intelbras\", \"product\": \"mhdx_5016_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:intelbras:hdcvi_1008_firmware:20240401:*:*:*:*:*:*:*\"], \"vendor\": \"intelbras\", \"product\": \"hdcvi_1008_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}], \"defaultStatus\": \"unknown\"}, {\"cpes\": [\"cpe:2.3:o:intelbras:hdcvi_1016_firmware:20240401:*:*:*:*:*:*:*\"], \"vendor\": \"intelbras\", \"product\": \"hdcvi_1016_firmware\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-26T14:11:07.177Z\"}}], \"cna\": {\"tags\": [\"disputed\"], \"title\": \"Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure\", \"credits\": [{\"lang\": \"en\", \"type\": \"reporter\", \"value\": \"netsecfish (VulDB User)\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV3_0\": {\"version\": \"3.0\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N\"}}, {\"cvssV2_0\": {\"version\": \"2.0\", \"baseScore\": 5, \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\"}}], \"affected\": [{\"vendor\": \"Intelbras\", \"modules\": [\"HTTP GET Request Handler\"], \"product\": \"MHDX 1004\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}]}, {\"vendor\": \"Intelbras\", \"modules\": [\"HTTP GET Request Handler\"], \"product\": \"MHDX 1008\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}]}, {\"vendor\": \"Intelbras\", \"modules\": [\"HTTP GET Request Handler\"], \"product\": \"MHDX 1016\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}]}, {\"vendor\": \"Intelbras\", \"modules\": [\"HTTP GET Request Handler\"], \"product\": \"MHDX 5016\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}]}, {\"vendor\": \"Intelbras\", \"modules\": [\"HTTP GET Request Handler\"], \"product\": \"HDCVI 1008\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}]}, {\"vendor\": \"Intelbras\", \"modules\": [\"HTTP GET Request Handler\"], \"product\": \"HDCVI 1016\", \"versions\": [{\"status\": \"affected\", \"version\": \"20240401\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-04-01T00:00:00.000Z\", \"value\": \"Advisory disclosed\"}, {\"lang\": \"en\", \"time\": \"2024-04-01T02:00:00.000Z\", \"value\": \"VulDB entry created\"}, {\"lang\": \"en\", \"time\": \"2024-04-01T22:30:46.000Z\", \"value\": \"VulDB entry last update\"}], \"references\": [{\"url\": \"https://vuldb.com/?id.258933\", \"name\": \"VDB-258933 | Intelbras HDCVI 1016 HTTP GET Request cap.js information disclosure\", \"tags\": [\"vdb-entry\"]}, {\"url\": \"https://vuldb.com/?ctiid.258933\", \"name\": \"VDB-258933 | CTI Indicators (IOB, IOC, TTP, IOA)\", \"tags\": [\"signature\", \"permissions-required\"]}, {\"url\": \"https://vuldb.com/?submit.305410\", \"name\": \"Submit #305410 | Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008, HDCVI 1016 N/A Exposure of Sensitive Information to an Unauthorized Actor\", \"tags\": [\"third-party-advisory\"]}, {\"url\": \"https://github.com/netsecfish/intelbras_cap_js\", \"tags\": [\"exploit\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user.\"}, {\"lang\": \"de\", \"value\": \"Es wurde eine problematische Schwachstelle in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 bis 20240401 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei /cap.js der Komponente HTTP GET Request Handler. Durch Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \\u00fcber das Netzwerk erfolgen. Der Exploit steht zur \\u00f6ffentlichen Verf\\u00fcgung. Die wahre Existenz der vermeintlichen Schwachstelle wird zur Zeit in Frage gestellt.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-200\", \"description\": \"CWE-200 Information Disclosure\"}]}], \"providerMetadata\": {\"orgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"shortName\": \"VulDB\", \"dateUpdated\": \"2024-04-02T02:31:04.579Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-3160\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-26T14:36:13.448Z\", \"dateReserved\": \"2024-04-01T20:25:10.650Z\", \"assignerOrgId\": \"1af790b2-7ee1-4545-860a-a788eba489b5\", \"datePublished\": \"2024-04-02T02:31:04.579Z\", \"assignerShortName\": \"VulDB\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…