CVE-2025-4286

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://eldruin.notion.site/Intelbras-InControl-v2-21-57-Storing-password-in-insecure-format-17d27474cccb8003b647ea832186b162?pvs=4", "name": "https://eldruin.notion.site/Intelbras-InControl-v2-21-57-Storing-password-in-insecure-format-17d27474cccb8003b647ea832186b162?pvs=4", "tags": ["Exploit"], "refsource": ""}, {"url": "https://vuldb.com/?ctiid.307392", "name": "VDB-307392 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["Permissions Required", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?id.307392", "name": "VDB-307392 | Intelbras InControl Dispositivos Edi\u00e7\u00e3o Page credentials storage", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}, {"url": "https://vuldb.com/?submit.483834", "name": "Submit #483834 | Intelbras InControl 2.21.57 Insecure Storage of Sensitive Information", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edi\u00e7\u00e3o Page. The manipulation of the argument Senha de Comunica\u00e7\u00e3o leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-255"}, {"lang": "en", "value": "CWE-256"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-4286", "ASSIGNER": "cna@vuldb.com"}}, "impact": {"baseMetricV3": {"cvssV3": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}}, "publishedDate": "2025-05-05T20:15Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:intelbras:incontrol_web:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "2.21.59"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-20T02:29Z"}