Remote Control — CVE-2019-20004
Dec 27, 2019
An issue was discovered on Intelbras IWR 3000N 1.8.7 devices. When the administrator password is changed from a certain client IP address, administrative authorization remains available to any client at that IP address, leading to complete control of the router.
Proof Of Concept
First Step —
Access the router and change the password.
Second Step —
After the administrator password has been changed from a certain client IP address, logging in to the router from a secondary IP address still requires the password.
Third Step —
When using the initial IP address, from which the password change was made, the router does not ask for a password.
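A minimal model of the behaviour in the steps above, added here as an illustration and not taken from the Intelbras firmware or the original write-up: IpKeyedAuth remembers authorization per client IP address and keeps it after a password change, while TokenSessionAuth issues a random token per login and revokes every session when the password changes. The class names, passwords and 192.0.2.x addresses are constructed for the example.

```python
import hmac
import secrets

def _same(a, b):
    # Constant-time comparison of two password strings.
    return hmac.compare_digest(a.encode(), b.encode())

class IpKeyedAuth:
    """Flawed model (hypothetical): admin rights are remembered per client IP."""
    def __init__(self, password):
        self.password = password
        self.authorized_ips = set()
    def login(self, ip, password):
        if not _same(password, self.password):
            return False
        self.authorized_ips.add(ip)
        return True
    def is_admin(self, ip):
        return ip in self.authorized_ips
    def change_password(self, ip, new_password):
        if not self.is_admin(ip):
            return False
        self.password = new_password  # authorization for this IP is never cleared
        return True

class TokenSessionAuth:
    """Hardened model (hypothetical): per-login token, revoked on password change."""
    def __init__(self, password):
        self.password = password
        self.sessions = set()
    def login(self, password):
        if not _same(password, self.password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions.add(token)
        return token
    def is_admin(self, token):
        return token is not None and token in self.sessions
    def change_password(self, token, new_password):
        if not self.is_admin(token):
            return False
        self.password = new_password
        self.sessions.clear()  # every client must log in again with the new password
        return True

def demo():
    flawed, fixed = IpKeyedAuth("old-pass"), TokenSessionAuth("old-pass")
    flawed.login("192.0.2.10", "old-pass")            # constructed client address
    flawed.change_password("192.0.2.10", "new-pass")
    token = fixed.login("old-pass")
    fixed.change_password(token, "new-pass")
    return (flawed.is_admin("192.0.2.10"), flawed.is_admin("192.0.2.20"), fixed.is_admin(token))
```

In the flawed model the first address stays authorized without a password after the change and the second address does not, which matches steps two and three; in the hardened model the old token is rejected.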