| Title | Intelbras TIP 635G 1.12.3.5 OS Command Injection |
|---|---|
| Description | An authenticated OS command injection vulnerability exists in the web management interface of the Intelbras TIP 635G IP terminal. The diagnostic “ping” functionality improperly sanitizes user-supplied input and passes it directly to a system shell command. An authenticated attacker can inject arbitrary OS commands using shell command substitution (e.g., $(...)), resulting in remote code execution with root privileges. Although command output is not reflected in the web interface, successful exploitation can be confirmed via out-of-band interactions (e.g., network requests initiated by the device). This vulnerability allows full compromise of the affected device and may enable lateral movement within the network. |
| Source | https://www.notion.so/eldruin/Intelbras-TIP-635G-Authenticated-OS-Command-Injection-Leading-to-Root-RCE-30627474cccb80929328e7c3b3ea0f9b |
| User | eldruin (UID 80359) |
| Submission | 13.02.2026 21:08 (4 months ago) |
| Moderation | 24.02.2026 10:41 (11 days later) |
| Status | Accepted |
| VulDB Entry | 347527 [Intelbras TIP 635G 1.12.3.5 Ping privilege escalation] |
| Points | 20 |