CVE-2025-13221
📋 TL;DR
This vulnerability in Intelbras UnniTI 24.07.11 allows remote attackers to access plaintext admin credentials stored in the /xml/sistema/usuarios.xml file. Anyone using the affected version of Intelbras UnniTI is vulnerable to credential theft and potential system compromise.
💻 Affected Systems
- Intelbras UnniTI
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to the system, leading to complete compromise, data theft, and potential lateral movement within the network.
Likely Case
Attackers steal admin credentials and gain unauthorized access to the management interface, potentially modifying configurations or accessing sensitive data.
If Mitigated
With proper network segmentation and access controls, impact is limited to the vulnerable system only.
🎯 Exploit Status
Exploit is publicly available and requires minimal technical skill to execute remotely.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Unknown
Restart Required: No
Instructions:
Check Intelbras website for security updates or contact vendor support for patching guidance.
🔧 Temporary Workarounds
Restrict Access to XML Files
allBlock external access to the /xml/sistema/ directory via web server configuration or firewall rules.
# Example for Apache: <Location "/xml/sistema/">
Require all denied
</Location>
# Example for Nginx: location /xml/sistema/ {
deny all;
}
Network Segmentation
linuxIsolate the UnniTI system from untrusted networks and restrict access to authorized IPs only.
# Example iptables rule: iptables -A INPUT -p tcp --dport [UNNITI_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [UNNITI_PORT] -j DROP
🧯 If You Can't Patch
- Change all admin passwords immediately and monitor for unauthorized access.
- Implement strict network access controls to limit exposure to the vulnerable system.
🔍 How to Verify
Check if Vulnerable:
Access http://[TARGET_IP]/xml/sistema/usuarios.xml and check if plaintext credentials are visible.Check Version:
Check the UnniTI web interface or system documentation for version information.Verify Fix Applied:
Attempt to access the usuarios.xml file after applying workarounds; it should be inaccessible or return an error.📡 Detection & Monitoring
Log Indicators:
- Unusual access patterns to /xml/sistema/usuarios.xml
- Failed login attempts followed by successful logins from new IPs
Network Indicators:
- HTTP GET requests to /xml/sistema/usuarios.xml from untrusted sources
SIEM Query:
source="web_server" AND uri="/xml/sistema/usuarios.xml"