Intelbras TIP200/TIP200LITE/TIP300 - Cross-Site Scripting
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 are vulnerable to reflected cross-site scripting (XSS) via the page parameter in /cgi-bin/cgiServer.exx, allowing attackers to execute arbitrary JavaScript in the context of the user.
References:
- https://lucxs.medium.com/cve-2020-12262-xss-voip-intelbras-d5697e31fbf6
- https://www.youtube.com/watch?v=rihboOgiJRs
- https://nvd.nist.gov/vuln/detail/CVE-2020-12262
Remediation:
Update the device firmware to the latest version provided by Intelbras.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 seconds
Time Interval
13 days 6 hours
Scan only one
Domain, Subdomain, IPv4
Toolbox