vendor:
TELEFONE IP TIP200/200 LITE
by:
Matheus Goncalves
5.5
CVSS
MEDIUM
Local File Include
CWE
Product Name: TELEFONE IP TIP200/200 LITE
Affected Version From: 60.0.75.29
Affected Version To: 60.0.75.29
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: Debian
2018
INTELBRAS TELEFONE IP TIP200/200 LITE Local File Include
This exploit allows an attacker to include local files by manipulating the 'page' parameter in the URL. The attacker needs admin credentials to download files. The exploit author used default credentials to demonstrate the vulnerability.
Mitigation:
The vendor should release a patch to fix the local file include vulnerability. Users should change the default admin credentials and update to the latest version of the software.