A critical access control vulnerability has been identified in multiple Intelbras router models. This flaw allows an unauthenticated attacker to remotely download the device's configuration file, exposing highly sensitive information such as administrative passwords and network settings. Successful exploitation could lead to a complete compromise of the network's security and integrity.

The vulnerability is an improper access control flaw within the web management interface of affected Intelbras routers. An unauthenticated attacker, with network access to the device, can bypass authentication mechanisms and directly access and download the router's settings file. This is likely achieved by navigating to a specific, unprotected URL that serves the configuration file, requiring no special privileges or user interaction. The exposed file contains sensitive data in a readable or easily decipherable format, including Wi-Fi SSIDs, pre-shared keys (passwords), and administrator credentials for the router itself.

This vulnerability is rated as critical severity with a CVSS score of 9.8. Exploitation could have a severe and direct impact on the organization's security posture. An attacker who obtains the router's configuration file can gain administrative control over the network gateway, enabling them to monitor, redirect, or block all network traffic. Specific risks include eavesdropping on sensitive communications, launching man-in-the-middle attacks, pivoting to other internal network devices, and using the compromised network to launch attacks against external targets. This could result in significant data breaches, operational disruption, and reputational damage.

Immediate Action: Immediately apply the security patches provided by Intelbras to all affected devices. Organizations should identify all vulnerable Intelbras RX1500 and RX3000 routers and upgrade their firmware to the latest version that addresses this flaw. After patching, verify that the vulnerability has been successfully remediated.

Proactive Monitoring: Security teams should actively monitor web server access logs on affected routers for any direct, unauthenticated requests to configuration file paths (e.g., requests for files ending in .cfg, .bin, or containing config in the URL). Monitor for unusual outbound traffic from the routers or signs of internal network scanning originating from the router's IP address, which could indicate a successful compromise.

Compensating Controls: If immediate patching is not feasible, implement the following controls:

• Use a firewall to restrict all access to the router's web management interface to a dedicated, trusted management network or specific administrative IP addresses.
• Ensure that remote (WAN) management of the router is disabled.
• Change all default passwords and ensure strong, unique credentials are used for the router's administrator and Wi-Fi access.

Public Exploit Available: false

Due to the critical severity (9.8) of this vulnerability, we strongly recommend that organizations take immediate action. The risk of complete network compromise is substantial. All affected Intelbras devices must be patched on an emergency basis. While this CVE is not yet on the CISA KEV list, its high impact and low-complexity nature make it a prime target for future exploitation. Until patches are fully deployed, access to the device's management interface should be strictly limited using compensating controls as a temporary mitigation.