| Title | Intelbras TIP 635G 1.12.3.5 OS Command Injection |
|---|---|
| Description | An authenticated OS command injection vulnerability exists in the web management interface of the Intelbras TIP 635G IP terminal. The diagnostic “ping” functionality improperly sanitizes user-supplied input and passes it directly to a system shell command. An authenticated attacker can inject arbitrary OS commands using shell command substitution (e.g., $(...)), resulting in remote code execution with root privileges. Although command output is not reflected in the web interface, successful exploitation can be confirmed via out-of-band interactions (e.g., network requests initiated by the device). This vulnerability allows full compromise of the affected device and may enable lateral movement within the network. |
| Source | https://www.notion.so/eldruin/Intelbras-TIP-635G-Authenticated-OS-Command-Injection-Leading-to-Root-RCE-30627474cccb80929328e7c3b3ea0f9b |
| User | eldruin (UID 80359) |
| Submission | 2026-02-13 21:08 (4 months ago) |
| Moderation | 2026-02-24 10:41 (11 days later) |
| Status | Accepted |
| VulDB entry | 347527 [Intelbras TIP 635G 1.12.3.5 Ping privilege escalation] |
| Points | 20 |