CVE-2026-36438
Remote Code Execution in Intelbras VIP-1230-D-G4
Publication date: 2026-05-18
Last updated on: 2026-05-19
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| intelbras | vip_1230_d_g4 | v2.800.00ib00c.0.t |
| intelbras | vip_1230_b_g4 | v2.800.00ib00c.0.t |
| intelbras | vip_1230_b_d_g4 | to 6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-640 | The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-36438 is a vulnerability in Intelbras VIP-1230-D-G4 devices, specifically in the password reset functionality located under /OutsideCmd. This flaw allows a remote attacker to exploit the password reset process to obtain sensitive information, such as administrator account details, without needing prior authentication.
How can this vulnerability impact me? :
This vulnerability can impact you by allowing unauthorized remote attackers to gain access to sensitive information from your Intelbras VIP-1230-D-G4 device. Since the attacker can retrieve administrator account details via the password reset functionality, they could potentially compromise the security of your surveillance system, leading to unauthorized control or data exposure.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for attempts to access the password reset functionality under the /OutsideCmd endpoint on Intelbras VIP-1230-D-G4 devices.
A practical approach is to use network scanning or HTTP request inspection tools to identify requests targeting the /OutsideCmd path, especially those attempting password reset operations.
For example, you can use curl or wget commands to test if the endpoint is accessible and potentially leaking sensitive information:
- curl -v http://<device-ip>/OutsideCmd
- curl -v http://<device-ip>/OutsideCmd?password_reset
Additionally, network intrusion detection systems (NIDS) can be configured to alert on suspicious HTTP requests to this endpoint.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the firmware of the Intelbras VIP-1230 B/D G4 devices to the latest version that addresses this vulnerability, as acknowledged by Intelbras.
If updating firmware is not immediately possible, restrict network access to the affected devices by limiting exposure of the /OutsideCmd endpoint, for example by using firewall rules or network segmentation.
Additionally, monitor device logs and network traffic for any suspicious activity related to password reset attempts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows a remote attacker to obtain sensitive information via the password reset functionality, which could lead to unauthorized access to administrator accounts.
Such unauthorized access and potential exposure of sensitive information may negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive data against unauthorized access.
However, specific impacts on compliance or mitigation measures are not detailed in the provided information.