PatchSiren cyber security CVE debrief
CVE-2026-36438 Intelbras CVE debrief
A medium-severity information disclosure vulnerability affects Intelbras VIP-1230-D-G4 IP cameras running firmware version V2.800.00IB00C.0.T. The vulnerability resides in the password reset functionality accessible via the `/OutsideCmd` endpoint, which allows remote unauthenticated attackers to obtain sensitive information. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) indicates network-accessible exploitation with low attack complexity, no privileges required, and no user interaction needed, resulting in low confidentiality impact. The weakness is categorized as CWE-640: Weak Password Recovery Mechanism for Forgotten Password. This CVE was published on 2026-05-18 and last modified on 2026-05-19; it is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. Vendor attribution is based on reference domain analysis with low confidence and requires review.
- Vendor: Intelbras
- Product: VIP-1230-D-G4
- CVSS: MEDIUM 5.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-05-18
- Original CVE updated: 2026-05-19
- Advisory published: 2026-05-18
- Advisory updated: 2026-05-19
Who should care
Organizations deploying Intelbras VIP-1230-D-G4 IP cameras for physical security and surveillance; network security teams managing IoT/OT device exposure; security operations centers monitoring for reconnaissance activity against camera management interfaces.
Technical summary
The Intelbras VIP-1230-D-G4 firmware V2.800.00IB00C.0.T contains a weak password recovery mechanism (CWE-640) in the `/OutsideCmd` endpoint. Remote attackers can exploit this flaw without authentication to extract sensitive information through the password reset functionality. The vulnerability is network-accessible with minimal attack complexity, though impact is limited to confidentiality. No availability or integrity impacts are indicated.
Defensive priority
medium
Recommended defensive actions
- Review and restrict network access to Intelbras VIP-1230-D-G4 camera management interfaces, particularly endpoints under `/OutsideCmd`
- Monitor for unauthorized access attempts to password reset functionality on affected camera models
- Apply firmware updates from Intelbras when available to address the weak password recovery mechanism
- Implement network segmentation to isolate IP cameras from untrusted networks
- Audit camera configurations for unauthorized changes that may indicate exploitation attempts
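One way to implement the monitoring action above, as an added example rather than code from this debrief or from Intelbras: it flags requests to `/OutsideCmd` that come from outside a management allowlist. It assumes camera traffic passes through a reverse proxy or gateway that writes combined-format access logs; the allowlisted subnet, function names and sample log lines are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote

# Assumption: subnet allowed to reach camera management (constructed value).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
WATCHED_PREFIX = "/outsidecmd"  # endpoint from the CVE record, matched case-insensitively

# Combined access-log format: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalise_path(target):
    """Drop the query string, decode percent-encoding, collapse repeated slashes."""
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def find_outsidecmd_hits(lines, allowed=MGMT_NETS):
    """Map each non-allowlisted source IP to its requests for the watched endpoint."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or not normalise_path(m["target"]).startswith(WATCHED_PREFIX):
            continue
        try:
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue  # client field is not an IP address
        if any(src in net for net in allowed):
            continue  # expected administrative access
        hits[str(src)].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    '10.20.0.15 - - [18/May/2026:09:01:11 +0000] "POST /OutsideCmd HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [18/May/2026:09:14:02 +0000] "POST /OutsideCmd HTTP/1.1" 200 734 "-" "-"',
    '203.0.113.7 - - [18/May/2026:09:14:05 +0000] "POST /OutsideCmd HTTP/1.1" 200 734 "-" "-"',
    '198.51.100.23 - - [18/May/2026:09:20:41 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "-"',
    '198.51.100.23 - - [18/May/2026:09:20:45 +0000] "GET /OutsideCmd/ HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for src, reqs in find_outsidecmd_hits(SAMPLE_LOG).items():
        print(f"ALERT {src}: {len(reqs)} request(s) to /OutsideCmd -> {reqs}")
```

Any hit from an address outside the management subnet is worth triage, since the endpoint requires no authentication and a successful response may already have disclosed information.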
Evidence notes
Vulnerability description sourced from official CVE record. CVSS vector and weakness classification (CWE-640) derived from NVD metadata. Vendor identification based on reference domain candidate 'Intelbras' with low confidence flag. No KEV entry confirmed.
Official resources
2026-05-18T16:16:29.873Z