CVE-2025-13187

Intelbras ICIP acessodeusuario.xml credentials storage

CVSS 6.9 MEDIUMEPSS 0.5%CWE-255 CWE-256

A security vulnerability has been detected in Intelbras ICIP 2.0.20. Affected is an unknown function of the file /xml/sistema/acessodeusuario.xml. Such manipulation of the argument NomeUsuario/SenhaAcess leads to unprotected storage of credentials. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

Produtos afetados

Intelbras · ICIP

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://vuldb.com/?ctiid.332475 https://vuldb.com/?id.332475 https://vuldb.com/?submit.685522 https://www.notion.so/eldruin/Intelbras-ICIP-Plaintext-Admin-Credentials-Disclosure-29b27474cccb80ff943ff2776d03d7cd https://www.notion.so/eldruin/Intelbras-ICIP-Plaintext-Admin-Credentials-Disclosure-CVE-2025-13187-29b27474cccb80ff943ff2776d03d7cd