← back
CVE-2018-11094

CVE-2018-11094

EPSS 35.6%
An issue was discovered on Intelbras NCLOUD 300 1.0 devices. /cgi-bin/ExportSettings.sh, /goform/updateWPS, /goform/RebootSystem, and /goform/vpnBasicSettings do not require authentication. For example, when an HTTP POST request is made to /cgi-bin/ExportSettings.sh, the username, password, and other details are retrieved.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/44637/unverifiedexploitdbwww.exploit-db.com/exploits/44637unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://blog.kos-lab.com/Hello-World/https://www.exploit-db.com/exploits/44637/