GCVE - cpe:2.3:a:intelbras:incontrol_web:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:intelbras:incontrol_web:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Intelbras (`2b2fad66-17b2-58cb-a9f2-84cc7e530641`)
Product	Incontrol Web (`99ab048c-6db6-5522-9d67-a933b10252fc`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-7061`	vulnerable	2026-06-03 15:12:30.427396	Intelbras InControl operador csv injection LOW (2.7) A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. Published: 2025-07-04T12:32:04.865Z Updated: 2025-07-07T16:23:17.934Z Open on db.gcve.eu Reference links https://vuldb.com/?id.314836 https://vuldb.com/?ctiid.314836 https://vuldb.com/?submit.600881	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-4286`	vulnerable	2026-06-03 15:01:47.365646	Intelbras InControl Dispositivos Edição Page credentials storage LOW (2.7) A vulnerability was found in Intelbras InControl up to 2.21.59. It has been classified as problematic. Affected is an unknown function of the component Dispositivos Edição Page. The manipulation of the argument Senha de Comunicação leads to unprotected storage of credentials. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. According to the vendor this issue should be fixed in a later release. Published: 2025-05-05T19:31:04.865Z Updated: 2025-05-05T20:05:12.475Z Open on db.gcve.eu Reference links https://vuldb.com/?id.307392 https://vuldb.com/?ctiid.307392 https://vuldb.com/?submit.483834 https://eldruin.notion.site/Intelbras-InControl-v2-21-57-Storing-password-in-insecure-format-17d27474cccb8003b647ea832186b162?pvs=4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-0784`	vulnerable	2026-06-03 14:58:32.938911	Intelbras InControl Registered User usuario cleartext transmission LOW (3.7) A vulnerability has been found in Intelbras InControl up to 2.21.58 and classified as problematic. This vulnerability affects unknown code of the file /v1/usuario/ of the component Registered User Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.59 is able to address this issue. It is recommended to upgrade the affected component. Published: 2025-01-28T20:00:13.220Z Updated: 2025-02-12T20:01:10.799Z Open on db.gcve.eu Reference links https://vuldb.com/?id.293908 https://vuldb.com/?ctiid.293908 https://vuldb.com/?submit.483835 https://eldruin.notion.site/Intelbras-InControl-v2-21-57-Password-exposed-in-clear-text-17d27474cccb806fba1efda195c78258?pvs=4	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9325`	vulnerable	2026-06-03 14:58:21.017518	Intelbras InControl incontrol-service-watchdog.exe unquoted search path HIGH (7.8) A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. Published: 2024-09-29T07:31:04.316Z Updated: 2024-11-04T19:13:10.172Z Open on db.gcve.eu Reference links https://vuldb.com/?id.278829 https://vuldb.com/?ctiid.278829 https://vuldb.com/?submit.385397 https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-9324`	vulnerable	2026-06-03 14:58:21.016748	Intelbras InControl Relatório de Operadores Page operador code injection MEDIUM (6.3) A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relatório de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20. Published: 2024-09-29T07:00:05.883Z Updated: 2024-11-04T19:13:08.178Z Open on db.gcve.eu Reference links https://vuldb.com/?id.278828 https://vuldb.com/?ctiid.278828 https://vuldb.com/?submit.375614 https://youtu.be/UdZVktPUy8A https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.