CVE-2026-2564
Received Received - Intake
Weak Password Recovery Vulnerability in Intelbras VIP 3260 Z IA

Publication date: 2026-02-16

Last updated on: 2026-02-16

Assigner: VulDB

Description
A security flaw has been discovered in Intelbras VIP 3260 Z IA 2.840.00IB005.0.T. Affected by this vulnerability is an unknown functionality of the file /OutsideCmd. The manipulation results in weak password recovery. It is possible to launch the attack remotely. Attacks of this nature are highly complex. The exploitation appears to be difficult. It is recommended to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-16
Last Modified
2026-02-16
Generated
2026-06-16
AI Q&A
2026-02-16
EPSS Evaluated
2026-06-14
NVD
CVE-2026-2564
EUVD
EUVD-2026-7666
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
intelbras vip_3260_z_ia 2.840.00ib005.0.t
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-640 The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-2564 is a critical security vulnerability in the Intelbras VIP 3260 Z IA device, version 2.840.00IB005.0.T. It exists in an unknown function within the file /OutsideCmd and involves a weakness in the password recovery mechanism.

The vulnerability allows an unauthenticated remote attacker to bypass proper verification during password recovery, enabling them to reset the administrator password without authorization. This happens because the backend improperly trusts client-side validation of the recovery code and does not enforce proper verification during the password change process.

Exploitation of this flaw can lead to full compromise of the device, including unauthorized administrative access.

Impact Analysis

This vulnerability can have severe impacts including unauthorized administrative access to the affected device.

  • An attacker can remotely reset the administrator password without authentication.
  • Full compromise of the device is possible, allowing the attacker to control it.
  • Confidentiality, integrity, and availability of the device are all at risk.
  • Attackers can view live camera feeds and potentially manipulate device settings.
Compliance Impact

I don't know

Detection Guidance

This vulnerability affects the Intelbras VIP 3260 Z IA device, specifically version 2.840.00IB005.0.T, and involves a weakness in the password recovery mechanism accessible via the /OutsideCmd file. Detection would involve monitoring for unauthorized attempts to access or manipulate this endpoint remotely.

Since the vulnerability allows remote unauthenticated password reset by bypassing server-side validation, network detection could focus on unusual HTTP requests targeting the /OutsideCmd endpoint, especially those attempting password recovery or reset operations.

However, no specific detection commands or signatures are provided in the available information.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The primary recommended mitigation is to upgrade the affected Intelbras VIP 3260 Z IA device to a fixed version that addresses this vulnerability.'}, {'type': 'paragraph', 'content': "Since the vulnerability allows remote unauthenticated attackers to reset the administrator password, immediate steps include restricting network access to the device's management interface, such as limiting access to trusted IP addresses or placing the device behind a firewall."}, {'type': 'paragraph', 'content': 'Additionally, monitoring for suspicious activity targeting the password recovery functionality and changing any potentially compromised credentials after applying the fix is advised.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-2564. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart