Intelbras TIP200/TIP200LITE/TIP300 - Cross-Site Scripting
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 13 days 6 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 are vulnerable to reflected cross-site scripting (XSS) via the page parameter in /cgi-bin/cgiServer.exx, allowing attackers to execute arbitrary JavaScript in the context of the user.
References:
- https://lucxs.medium.com/cve-2020-12262-xss-voip-intelbras-d5697e31fbf6
- https://www.youtube.com/watch?v=rihboOgiJRs
- https://nvd.nist.gov/vuln/detail/CVE-2020-12262
Remediation:
Update the device firmware to the latest version provided by Intelbras.