This report highlights an Information Disclosure vulnerability in multiple IntelBras IPC devices. The vulnerability is demonstrated by a lack of proper access control, allowing sensitive configuration data to be accessed through an unauthenticated HTTP request, affecting over 148,000 devices on the Internet.
CWE-200: Information Exposure
URI: http://[IP_address]/web_caps/webCapsConfig
Description: this endpoint returns detailed device information, including the device type, vendor, network configuration (IP addresses and port mappings), system capabilities, and software/plugin versions.
curl -X GET "http://[IP_address]/web_caps/webCapsConfig" -H "Accept: */*"