Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionCVE.org
An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd
AnalysisAI
Unauthenticated information disclosure in the Intelbras VIP-1230-D-G4 Wi-Fi dome IP camera (firmware V2.800.00IB00C.0.T) exposes sensitive data through the password reset endpoint at /OutsideCmd. Remote, unauthenticated attackers can query this endpoint directly over the network to retrieve sensitive information - likely credentials or reset tokens - without any prior authentication or user interaction. Publicly available exploit code exists on GitHub (kensh1k/CVE-2026-36438), lowering the bar for exploitation; no CISA KEV listing has been confirmed at time of analysis.
Technical ContextAI
The Intelbras VIP-1230-D-G4 is a Wi-Fi dome camera in the G4 generation lineup marketed primarily in Brazil. The affected firmware version is V2.800.00IB00C.0.T. The vulnerability resides in the device's web management interface, specifically within the /OutsideCmd URI path which exposes password reset functionality without enforcing authentication. This is a classic IoT insecure direct object reference / unauthenticated API endpoint pattern, where sensitive operations - such as password reset flows - are reachable from the network without session validation. No CWE has been assigned by NVD/MITRE, but the behavior is consistent with CWE-306 (Missing Authentication for Critical Function) or CWE-200 (Exposure of Sensitive Information). The CPE data provided is null (cpe:2.3:a:n/a:n/a) indicating the NVD entry lacks a properly mapped product identifier, which may affect downstream scanner detection.
RemediationAI
No vendor-released patch has been identified at time of analysis. Intelbras has not published a security advisory or updated firmware in the referenced sources. Given the absence of a patch, defenders should apply the following compensating controls: (1) Place the camera behind a firewall or NAT boundary and block direct internet access to TCP port 80/443 on the device - this eliminates the network-reachable attack vector at the cost of losing remote web UI access from untrusted networks. (2) Segment IP cameras onto a dedicated VLAN with egress filtering, limiting blast radius if credentials are obtained. (3) If the device supports it, disable the /OutsideCmd or external password reset feature through the admin interface - check the management UI under remote access or account settings; disabling this may prevent self-service password recovery. (4) Monitor web server logs on any reverse-proxy or gateway in front of the camera for requests to /OutsideCmd from unexpected sources as a detection control. Check https://www.intelbras.com/pt-br for firmware update releases and apply any future patch that addresses this endpoint.
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-30776
GHSA-6p33-rpvq-f3c3