Submission #832544: Intelbras iNVU 7016 FT 3.004.00IB000.0.T (Build 2025-09-26) Path Traversal

Title: Intelbras iNVU 7016 FT 3.004.00IB000.0.T (Build 2025-09-26) Path Traversal
Description: A path traversal vulnerability has been identified in the Intelbras iNVU 7016 FT, a 16-channel video recording and intelligence server running embedded Linux on the aarch64 architecture, in the execution log download functionality. Affected version: 3.004.00IB000.0.T (Build Date: 2025-09-26). Web Interface: 5.031.0.250926.1539217.AI.M.V2.

The vulnerable endpoint /index/operation/pieceLog (internally handled as /RPC2_Loadfile/syslog/) fails to properly validate the file path parameter in download requests. An authenticated attacker can manipulate the path using directory traversal sequences (../) to read arbitrary files from the underlying filesystem, resulting in a Local File Inclusion (LFI) scenario. The web application runs with root privileges, confirmed by successfully reading /etc/shadow. This significantly increases the impact and may enable escalation to remote code execution.

Exploitation prerequisites: an authenticated user belonging to a group with one of the following permissions: "Armazenamento" (Storage), "Manutenção" (Maintenance), or "Sistema" (System).

Proof of Concept: an authenticated attacker sends a crafted GET request to /RPC2_Loadfile/syslog/ with directory traversal sequences in the path parameter (e.g., GET /RPC2_Loadfile/syslog/../../../../etc/shadow HTTP/1.1). The server responds with the contents of /etc/shadow, demonstrating arbitrary file read with root privileges.

CVSS v3.1: 7.7 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal').

Additional technical context: the product is built on a Dahua-derived codebase (indicated by the "IB" suffix in the version string and the JSON-RPC /RPC2 interface), which suggests the vulnerability may affect other rebranded OEM devices sharing the same codebase. Linux Kernel: 5.15.73 (aarch64). ONVIF: V2.4.1.
Source: https://coaglio.com/writeups/lfi-intelbras-invu.html
User: coaglio (UID 94741)
Submitted: 18/05/2026 16:41 (28 days ago)
Moderated: 14/06/2026 14:33 (27 days later)
Status: Accepted
VulDB Entry: 370853 [Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26 Web Interface /RPC2_Loadfile/syslog/ directory traversal]
Points: 20
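The root cause in the description is a user-controlled file name that is joined onto a log directory and served without checking where the resulting path lands. The following Python snippet is an added illustration of the defect and its fix; it is not code from the product, from VulDB or from the linked writeup. The log directory /srv/nvr/logs and the file names are constructed assumptions used only to exercise the two functions.

```python
import os
import re

# Constructed assumption: the directory the log-download handler is meant to
# serve from. Not a path taken from the affected product.
LOG_DIR = "/srv/nvr/logs"

# Allowlist for a single log file name: alphanumerics, dot, dash, underscore,
# no path separators and no leading dot (so "..", ".hidden" are rejected).
_LOG_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,127}$")


def naive_log_path(requested: str, base_dir: str = LOG_DIR) -> str:
    """The unsafe pattern behind CWE-22: join the caller-supplied name onto the
    base directory and trust the result. A "../" sequence (or an absolute
    path) walks out of base_dir, and normpath happily collapses it."""
    return os.path.normpath(os.path.join(base_dir, requested))


def safe_log_path(requested: str, base_dir: str = LOG_DIR) -> str:
    """Hardened version with two independent layers:
    1. the name must match a strict allowlist (rejects separators, '..', '%');
    2. the canonical path (symlinks resolved) must still lie under base_dir.
    Layer 2 is defense in depth in case the allowlist is later loosened to
    permit sub-directories. Raises ValueError on any rejected input."""
    if not _LOG_NAME.match(requested):
        raise ValueError("invalid log file name")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath() is component-based, so "/srv/nvr/logs-other" does not pass
    # as a child of "/srv/nvr/logs" the way a plain startswith() check would.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes log directory")
    return candidate


def allowed(requested: str, base_dir: str = LOG_DIR) -> bool:
    """Convenience wrapper: True if safe_log_path() accepts the name."""
    try:
        safe_log_path(requested, base_dir)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample inputs: one benign log name, the traversal pattern
    # from the advisory, an absolute path and a URL-encoded traversal.
    samples = [
        "system-2025-09-26.log",
        "../../../../etc/shadow",
        "/etc/shadow",
        "..%2f..%2fetc%2fpasswd",
    ]
    for name in samples:
        print(f"{name!r:32} naive -> {naive_log_path(name)}")
        print(f"{'':32} safe  -> {'accepted' if allowed(name) else 'rejected'}")
```

Run as a script to see that the naive join resolves the advisory's traversal pattern to /etc/shadow, while the hardened function rejects it (and the absolute and percent-encoded variants) and accepts only a plain log file name inside the configured directory.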
