CVE-2024-9325

Summary

A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\Program Files (x86)\Intelbras\Incontrol Cliente\incontrol_webcam\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20.

Affected Software

VendorProductVersion RangeStatus
IntelbrasInControl2.21.0affected
IntelbrasInControl2.21.1affected
IntelbrasInControl2.21.2affected
IntelbrasInControl2.21.3affected
IntelbrasInControl2.21.4affected
IntelbrasInControl2.21.5affected
IntelbrasInControl2.21.6affected
IntelbrasInControl2.21.7affected
IntelbrasInControl2.21.8affected
IntelbrasInControl2.21.9affected
IntelbrasInControl2.21.10affected
IntelbrasInControl2.21.11affected
IntelbrasInControl2.21.12affected
IntelbrasInControl2.21.13affected
IntelbrasInControl2.21.14affected
IntelbrasInControl2.21.15affected
IntelbrasInControl2.21.16affected
IntelbrasInControl2.21.17affected
IntelbrasInControl2.21.18affected
IntelbrasInControl2.21.19affected
IntelbrasInControl2.21.20affected
IntelbrasInControl2.21.21affected
IntelbrasInControl2.21.22affected
IntelbrasInControl2.21.23affected
IntelbrasInControl2.21.24affected
IntelbrasInControl2.21.25affected
IntelbrasInControl2.21.26affected
IntelbrasInControl2.21.27affected
IntelbrasInControl2.21.28affected
IntelbrasInControl2.21.29affected
IntelbrasInControl2.21.30affected
IntelbrasInControl2.21.31affected
IntelbrasInControl2.21.32affected
IntelbrasInControl2.21.33affected
IntelbrasInControl2.21.34affected
IntelbrasInControl2.21.35affected
IntelbrasInControl2.21.36affected
IntelbrasInControl2.21.37affected
IntelbrasInControl2.21.38affected
IntelbrasInControl2.21.39affected
IntelbrasInControl2.21.40affected
IntelbrasInControl2.21.41affected
IntelbrasInControl2.21.42affected
IntelbrasInControl2.21.43affected
IntelbrasInControl2.21.44affected
IntelbrasInControl2.21.45affected
IntelbrasInControl2.21.46affected
IntelbrasInControl2.21.47affected
IntelbrasInControl2.21.48affected
IntelbrasInControl2.21.49affected
IntelbrasInControl2.21.50affected
IntelbrasInControl2.21.51affected
IntelbrasInControl2.21.52affected
IntelbrasInControl2.21.53affected
IntelbrasInControl2.21.54affected
IntelbrasInControl2.21.55affected
IntelbrasInControl2.21.56affected

Weaknesses

  • CWE-428: Unquoted Search Path
  • CWE-426: Untrusted Search Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References