Submit #832544: Intelbras iNVU 7016 FT 3.004.00IB000.0.T (Build 2025-09-26) Path Traversal

Title: Intelbras iNVU 7016 FT 3.004.00IB000.0.T (Build 2025-09-26) Path Traversal
Description: A path traversal vulnerability has been identified in the Intelbras iNVU 7016 FT, a 16-channel video recording and intelligence server running embedded Linux on the aarch64 architecture, in the execution log download functionality. Affected version: 3.004.00IB000.0.T (Build Date: 2025-09-26). Web Interface: 5.031.0.250926.1539217.AI.M.V2.

The vulnerable endpoint /index/operation/pieceLog (internally handled as /RPC2_Loadfile/syslog/) fails to properly validate the file path parameter in download requests. An authenticated attacker can manipulate the path using directory traversal sequences (../) to read arbitrary files from the underlying filesystem, resulting in a Local File Inclusion (LFI) scenario. The web application runs with root privileges, confirmed by successfully reading /etc/shadow. This significantly increases the impact and may enable escalation to remote code execution.

Exploitation prerequisites: an authenticated user belonging to a group with one of the following permissions: "Armazenamento" (Storage), "Manutenção" (Maintenance), or "Sistema" (System).

Proof of Concept: an authenticated attacker sends a crafted GET request to /RPC2_Loadfile/syslog/ with directory traversal sequences in the path parameter (e.g., GET /RPC2_Loadfile/syslog/../../../../etc/shadow HTTP/1.1). The server responds with the contents of /etc/shadow, demonstrating arbitrary file read with root privileges.

CVSS v3.1: 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

Additional technical context: the product is built on a Dahua-derived codebase (indicated by the "IB" suffix in the version string and the JSON-RPC /RPC2 interface), which suggests the vulnerability may affect other rebranded OEM devices sharing the same codebase. Linux Kernel: 5.15.73 (aarch64). Onvif: V2.4.1.
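As an added defensive example (not code from the page, the linked write-up, or Intelbras), the containment check that a log download handler needs for this CWE-22 bug, with the same logic reused to flag matching requests in a constructed access log; the log root directory, the log line format and the sample entries are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumed directory the syslog download handler serves from (hypothetical;
# the page does not state the real location on the device).
LOG_ROOT = "/var/log/syslog"
ENDPOINT = "/RPC2_Loadfile/syslog/"   # endpoint named in the advisory

def resolve_log_path(requested, root=LOG_ROOT):
    """Return the absolute file to serve, or None if it escapes root.

    Decode, normalise, then check containment; stripping "../" substrings
    alone is bypassable, so the check is done on the resolved path.
    """
    decoded = requested
    for _ in range(3):                 # undo double/triple percent-encoding
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "\x00" in decoded or "\\" in decoded:
        return None                    # never legitimate in a log file name
    root_norm = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    if not candidate.startswith(root_norm + "/"):
        return None                    # resolved outside the log directory
    return candidate

# Constructed sample access-log lines (not captured from a real device).
SAMPLE_LOG = [
    '10.0.0.5 - admin [26/Sep/2025:10:01:02 +0000] "GET /RPC2_Loadfile/syslog/2025-09-26.log HTTP/1.1" 200 8192',
    '10.0.0.9 - admin [26/Sep/2025:10:02:17 +0000] "GET /RPC2_Loadfile/syslog/../../../../etc/shadow HTTP/1.1" 200 1071',
    '10.0.0.9 - admin [26/Sep/2025:10:02:40 +0000] "GET /RPC2_Loadfile/syslog/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 200 1984',
]

def flag_traversal_requests(lines):
    """Return log lines whose syslog download path would escape LOG_ROOT."""
    flagged = []
    for line in lines:
        m = re.search(r'"(?:GET|POST) (\S+) HTTP/', line)
        if not m or not m.group(1).startswith(ENDPOINT):
            continue
        if resolve_log_path(m.group(1)[len(ENDPOINT):]) is None:
            flagged.append(line)
    return flagged

if __name__ == "__main__":
    for hit in flag_traversal_requests(SAMPLE_LOG):
        print("traversal attempt:", hit)
```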
Source: https://coaglio.com/writeups/lfi-intelbras-invu.html
User: coaglio (UID 94741)
Submitted: 18.05.2026 16:41 (28 days ago)
Moderated: 14.06.2026 14:33 (27 days later)
Status: Accepted
VulDB entry: 370853 [Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26 Web Interface /RPC2_Loadfile/syslog/ Directory Traversal]
Points: 20