Vulnerability Description
A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Intelbras | Incontrol Web | < 2.21.58 |
Related Weaknesses (CWE)
References
- https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C
- https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/I
- https://vuldb.com/?ctiid.278829Permissions Required
- https://vuldb.com/?id.278829Permissions Required
- https://vuldb.com/?submit.385397ExploitThird Party Advisory
FAQ
What is CVE-2024-9325?
CVE-2024-9325 is a vulnerability with a CVSS score of 7.8 (HIGH). A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam...
How severe is CVE-2024-9325?
CVE-2024-9325 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-9325?
Check the references section above for vendor advisories and patch information. Affected products include: Intelbras Incontrol Web.