cbcvebase.
CVE-2021-3017
published 2021-04-14

CVE-2021-3017: The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the…

PriorityP271high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
63.02%
99.1th percentile
The web interface on Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.

Affected

2 ranges
VendorProductVersion rangeFixed in
intelbraswin_300_firmware<= 2021-01-04
intelbraswrn_342_firmware<= 2021-01-04

Detection & IOCsextracted from sources · hover to see the quote

url/index.asp
otherdef_wirelesspassword =
yara
regex: 'def_wirelesspassword = "([A-Za-z0-9=]+)";'
  • Send an unauthenticated HTTP GET request to /index.asp on the target device. A vulnerable Intelbras WIN 300 or WRN 342 device will return HTTP 200 with both 'def_wirelesspassword =' and 'Roteador Wireless' present in the response body, indicating credentials are exposed in the HTML source.
  • Extract the plaintext wireless password from the HTML body using the regex pattern: def_wirelesspassword = "([A-Za-z0-9=]+)"; — credentials are embedded directly in the page source without authentication.
  • ·The vulnerability affects Intelbras WIN 300 and WRN 342 devices through firmware dated 2021-01-04 only. Devices on newer firmware may not be vulnerable.
  • ·Only a single HTTP request is required (max-request: 1), making this trivially exploitable at scale with no authentication, no special headers, and no prior knowledge of credentials.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
vendor_redhat5.5MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.