Home

Description

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

PUBLISHED Reserved 2026-06-14 | Published 2026-06-15 | Updated 2026-06-15 | Assigner VulDB




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
LOW: 2.7CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
LOW: 2.7CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
3.3AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:OF/RC:C

Problem types

Path Traversal

Product status

3.004.00IB000.0.T Build 2025-09-26
affected

Timeline

2026-06-14:Advisory disclosed
2026-06-14:VulDB entry created
2026-06-14:VulDB entry last update

Credits

coaglio (VulDB User) reporter

VulDB CNA Team coordinator

References

vuldb.com/vuln/370853 (VDB-370853 | Intelbras iNVU 7016 FT Web syslog path traversal) vdb-entry

vuldb.com/vuln/370853/cti (VDB-370853 | CTI Indicators (IOB, IOC, TTP, IOA)) signature permissions-required

vuldb.com/cve/CVE-2026-12211 (CVE-2026-12211 | CVE Analysis and Report) third-party-advisory

vuldb.com/submit/832544 (Submit #832544 | Intelbras iNVU 7016 FT 3.004.00IB000.0.T (Build 2025-09-26) Path Traversal) third-party-advisory

coaglio.com/writeups/lfi-intelbras-invu.html exploit

api-cronos.intelbras.com.br/...7e72d0577ad5ef6455.260527.BIN patch

cve.org (CVE-2026-12211)

nvd.nist.gov (CVE-2026-12211)

Download JSON