Description

An information file on the Intelbras ICIP device is served over HTTP and contains the administrator username and password in cleartext. An unauthenticated remote user can read this file and obtain administrative credentials, enabling full device takeover.

Version tested

[screenshot: tested version]

Reproduction Steps

  1. Identify the device IP: [DEVICE_IP].
  2. Access the URL: http://[DEVICE_IP]/xml/sistema/acessodeusuario.xml.
  3. Observe that the response contains credentials in plain text under fields such as NomeUsuario and SenhaAcess.
  4. Attempt to log in to the web administration panel with the discovered credentials; perform this step only in authorized testing environments.

Note: If the response is a message saying the session is already started instead of the credentials, clear your cookies and try again, or use curl.

[screenshots]

Using curl

[screenshot: curl output]
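Two defender-side checks for the exposure described above, added here as an example and not taken from the report or from Intelbras: one inspects a captured response body for the fields named in step 3 and reports only whether they are populated, so the credential values are never printed, and the other scans web-server access logs for requests to the affected path. The XML layout, the log format and all sample values are constructed for the example.

```python
"""Defender-side checks for the ICIP credential-exposure report above (added
example, not vendor code). The XML layout and log format are constructed."""
import re
import xml.etree.ElementTree as ET

EXPOSED_PATH = "/xml/sistema/acessodeusuario.xml"
CREDENTIAL_FIELDS = ("NomeUsuario", "SenhaAcess")   # field names from the report


def response_exposes_credentials(xml_text: str) -> bool:
    """Inspect a captured response body: True if every credential field named in
    the report is present with a non-empty value. Only a boolean is returned so
    the credential values are never printed or logged by this check."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:          # e.g. the HTML "session already started" page
        return False
    found = {el.tag for el in root.iter()
             if el.tag in CREDENTIAL_FIELDS and el.text and el.text.strip()}
    return all(f in found for f in CREDENTIAL_FIELDS)


# Common Log Format: ip ident user [ts] "METHOD path PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')


def find_xml_access(log_lines):
    """Return (ip, timestamp, status) for every request to the exposed path,
    query string ignored; a 200 from an unknown source is the alert condition."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group("path").split("?", 1)[0] == EXPOSED_PATH:
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status"))))
    return hits


# Constructed sample data (hypothetical values, not captured from a device).
SAMPLE_RESPONSE = """<?xml version="1.0"?>
<Sistema><AcessoUsuario>
  <NomeUsuario>admin</NomeUsuario>
  <SenhaAcess>hunter2</SenhaAcess>
</AcessoUsuario></Sistema>"""
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /xml/sistema/acessodeusuario.xml HTTP/1.1" 200 412',
    '198.51.100.3 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 1204',
    '203.0.113.7 - - [10/Oct/2023:13:57:10 +0000] "GET /xml/sistema/acessodeusuario.xml?x=1 HTTP/1.1" 401 0',
]
```

Run `response_exposes_credentials` against a response captured after applying a vendor fix or a network restriction to confirm the fields are no longer served, and feed `find_xml_access` the device's reverse-proxy or firewall HTTP logs to spot retrieval attempts.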