CVE-2020–12262 XSS VoIP Intelbras

> Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15
devices allow /cgi-bin/cgiServer.exx?page= XSS.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Cross Site Scripting (XSS)
>
> ------------------------------------------
>
> [Vendor of Product]
> Intelbras
>
> ------------------------------------------
>
> [Affected Product Code Base]
> TIP300 - 65.61.75.15
> TIP200/200LITE - 60.61.75.15
>
> ------------------------------------------
>
> [Affected Component]
> CGI file parameter
> EX: /cgi-bin/cgiServer.exx?page= XSS
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Code execution]
> true
>
> ------------------------------------------
>
> [Impact Escalation of Privileges]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> http://host/cgi-bin/cgiServer.exx?page=<script>alert('SkullSec')</script>
>
> ------------------------------------------
>
> [Discoverer]
> Lucas Souza
>
> ------------------------------------------

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store