| Title | Intelbras TIP 635G 1.12.3.5 OS Command Injection |
|---|---|
| Description | An authenticated OS command injection vulnerability exists in the web management interface of the Intelbras TIP 635G IP terminal. The diagnostic “ping” functionality improperly sanitizes user-supplied input and passes it directly to a system shell command. An authenticated attacker can inject arbitrary OS commands using shell command substitution (e.g., $(...)), resulting in remote code execution with root privileges. Although command output is not reflected in the web interface, successful exploitation can be confirmed via out-of-band interactions (e.g., network requests initiated by the device). This vulnerability allows full compromise of the affected device and may enable lateral movement within the network. |
| Source | ⚠️ https://www.notion.so/eldruin/Intelbras-TIP-635G-Authenticated-OS-Command-Injection-Leading-to-Root-RCE-30627474cccb80929328e7c3b3ea0f9b |
| User | eldruin (UID 80359) |
| Submission | 13/02/2026 09:08 PM (4 months ago) |
| Moderation | 24/02/2026 10:41 AM (11 days later) |
| Status | Accepted |
| VulDB Entry | 347527 [Intelbras TIP 635G 1.12.3.5 Ping privilege escalation] |
| Points | 20 |