A critical path traversal vulnerability has been identified in several IntelBras IP Camera devices, including models IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z, and IPC-HDW1200S. This vulnerability allows attackers to bypass directory restrictions and access sensitive files, such as ../mtd/Config/Sha1Account1 and ../mtd/Config/Account1, which contain hashed/encrypted credentials and other configuration data. By exploiting this flaw, attackers can gain unauthorized access to the devices, potentially compromising system security and exposing critical information.
URI:
../mtd/Config/Sha1Account1../mtd/Config/Account1