Remote Control CVE-2019-20004

Rafael Silva
Dec 27, 2019


An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.

Proof Of Concept

First Step —

Access the router and change the password.

Second Step —

The administrator password is changed from a certain client IP address.

Primary IP
Secondary IP

When using the secondary IP to log in to the router, the password is required.

Third Step —

When using the initial IP from which the password change was made, the router does not ask for a password.

Video —

https://vimeo.com/381587535
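
A minimal model of the behaviour reported above, next to a session-based design that does not show it. This is an added example, not code from the original post or from the Intelbras firmware: it assumes the device remembers authorization per client IP address (the post does not show the firmware's logic), and all class names, passwords and IP addresses are constructed.

```python
import hashlib
import hmac
import secrets


class Router:
    def __init__(self, password):
        self._salt = secrets.token_bytes(16)
        self._hash = self._kdf(password)
        self._granted = set()  # client IPs or session tokens, per model

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)


class IpKeyedRouter(Router):
    """Assumed flawed design: admin rights are remembered per client IP."""
    def login(self, ip, password):
        if hmac.compare_digest(self._kdf(password), self._hash):
            self._granted.add(ip)

    def is_admin(self, ip, token=None):
        return ip in self._granted  # no credential or session is checked

    def change_password(self, ip, new_password, token=None):
        if self.is_admin(ip, token):
            self._hash = self._kdf(new_password)  # the IP stays trusted


class SessionRouter(Router):
    """Hardened design: rights follow an unguessable per-login token."""
    def login(self, ip, password):
        if hmac.compare_digest(self._kdf(password), self._hash):
            self._granted.add(token := secrets.token_urlsafe(32))
            return token

    def is_admin(self, ip, token=None):
        return token in self._granted

    def change_password(self, ip, new_password, token=None):
        if self.is_admin(ip, token):
            self._hash = self._kdf(new_password)
            self._granted.clear()  # every client must log in again


def replay_post(router, primary="192.0.2.10", secondary="192.0.2.20"):
    """Replay the post's steps (constructed IPs); checks carry no credentials."""
    token = router.login(primary, "old-pass")
    router.change_password(primary, "new-pass", token)
    return router.is_admin(secondary), router.is_admin(primary)
```

`replay_post` returns a pair: whether a client with no credentials is treated as administrator from the secondary IP and from the primary IP. The router passed in must be created with the password `"old-pass"`.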
