CVE-2025-4286 - Vulnerability Details

A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Intelbras	Incontrol Incontrol Web

Configuration 1 [-]

cpe:2.3:a:intelbras:incontrol_web:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://eldruin.notion.site/Intelbras-InControl-v2-21-57-Storing-password-in-insecure-format-17d27474cccb8003b647ea832186b162?pvs=4
https://vuldb.com/?ctiid.307392
https://vuldb.com/?id.307392
https://vuldb.com/?submit.483834

History

Wed, 20 Aug 2025 02:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Intelbras incontrol Web
CPEs		cpe:2.3:a:intelbras:incontrol_web::::::::
Vendors & Products		Intelbras incontrol Web

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00035}`	epss `{'score': 0.00037}`

Mon, 05 May 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 05 May 2025 19:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release.
Title		Intelbras InControl Dispositivos Edição Page credentials storage
Weaknesses		CWE-255 CWE-256
References		https://eldruin.notion.site/Intelbras-InControl-v2-21-57-Storing-password-in-insecure-format-17d27474cccb8003b647ea832186b162?pvs=4 https://vuldb.com/?ctiid.307392 https://vuldb.com/?id.307392 https://vuldb.com/?submit.483834
Metrics		cvssV2_0 `{'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:P/I:N/A:N'}` cvssV3_0 `{'score': 2.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}` cvssV3_1 `{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-05-05T19:31:04.865Z

Updated: 2025-05-05T20:05:12.475Z

Reserved: 2025-05-05T11:46:08.317Z

Link: CVE-2025-4286

Vulnrichment

Updated: 2025-05-05T20:04:55.429Z

NVD

Status : Analyzed

Published: 2025-05-05T20:15:21.897

Modified: 2025-08-20T02:29:45.667

Link: CVE-2025-4286

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object