Description

An information file on the Intelbras UnniTI device is accessible over HTTP and contains the administrator username and password in cleartext. An unauthenticated remote user can read this file and obtain the administrative credentials, enabling full takeover of the device.

Version tested

[screenshot of the tested version; image not reproduced]

Reproduction Steps

  1. Identify device IP: [DEVICE_IP].
  2. In your browser, create a cookie “username=admin”.
  3. Access URL: http://[DEVICE_IP]/xml/sistema/usuarios.xml.
  4. Observe that the response contains the credentials in plain text, in fields such as Usuario and Senha.
  5. Attempt to log in to the web administration panel using the discovered credentials; perform this step only in authorized testing environments.
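For defenders, the request pattern in these steps is easy to spot in the device's (or a reverse proxy's) HTTP access log. The following detection script is an added example, not part of the advisory: it parses combined-format log lines, flags any read of the usuarios.xml endpoint, and correlates a later login attempt from the same client. The log lines are constructed samples, and the login endpoint path (`/login`) is an assumption, since the advisory does not name it.

```python
import re
from datetime import datetime

SENSITIVE_PATH = "/xml/sistema/usuarios.xml"  # endpoint named in the advisory

# Constructed sample lines in Apache/nginx "combined" log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:13:01:05 +0000] "GET /xml/sistema/usuarios.xml HTTP/1.1" 200 512 "-" "curl/8.4.0"
192.0.2.10 - - [10/May/2024:13:02:11 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:13:02:40 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.4.0"
198.51.100.4 - - [10/May/2024:13:05:00 +0000] "GET /xml/sistema/usuarios.xml HTTP/1.1" 403 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format access-log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect(log_text, login_path="/login", window_seconds=600):
    """Return alerts for reads of the credential file and logins that follow them.

    login_path is an assumption: the advisory does not name the panel's login endpoint.
    """
    alerts = []
    last_read = {}  # client ip -> time of its last successful credential-file read
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["path"].split("?")[0] == SENSITIVE_PATH:
            kind = "credential_file_read" if rec["status"] == 200 else "credential_file_probe"
            if rec["status"] == 200:
                last_read[rec["ip"]] = rec["ts"]
            alerts.append({"kind": kind, "ip": rec["ip"], "ts": rec["ts"]})
        elif rec["method"] == "POST" and rec["path"] == login_path and rec["ip"] in last_read:
            if (rec["ts"] - last_read[rec["ip"]]).total_seconds() <= window_seconds:
                alerts.append({"kind": "login_after_disclosure", "ip": rec["ip"], "ts": rec["ts"]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert["ts"].isoformat(), alert["ip"], alert["kind"])
```

A 403 on the endpoint (the probe alert) is what a patched or access-controlled device should return; a 200 means the credentials were disclosed and should be rotated.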


Using curl

[screenshot of the curl request and response; image not reproduced]