CVE-2025-0784

CVE Database · CVE-2025-0784

CVE-2025-0784

· LOWAnalyzed

CVSS v3.1

3.7

CVSS v4.0

6.3

EPSS

0.43%

Published

Jan 28, 2025

Modified

Aug 20, 2025

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component.

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Weaknesses (CWE)

CWE-310CWE-319

Affected Products (1)

intelbras · incontrol_web (up to 2.21.59)vulnerable

References (4)

https://eldruin.notion.site/Intelbras-InControl-v2-21-57-Password-exposed-in-clear-text-17d27474cccb806fba1efda195c78258?pvs=4

ExploitThird Party Advisory

https://vuldb.com/?ctiid.293908

Permissions RequiredVDB Entry

https://vuldb.com/?id.293908

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.483835

Third Party AdvisoryVDB Entry

KEV Catalog EPSS Scores Vendors All CVEs