CVE-2025-4286 MEDIUM

CVE-2025-4286: Intelbras InControl Dispositivos Edição Page credentials storage

Vendor Intelbras
Product InControl
Weakness CWE-256
Published May 5, 2025
Last update May 5, 2025

CVSS base score

5.1/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release.

Key dates

02Disclosure timeline

May 5, 2025 CVE published
May 5, 2025 Record updated