| Title | Intelbras TIP 635G 1.12.3.5 OS Command Injection |
|---|
| Description | An authenticated OS command injection vulnerability exists in the web management interface of the Intelbras TIP 635G IP terminal. The diagnostic “ping” functionality improperly sanitizes user-supplied input and passes it directly to a system shell command. An authenticated attacker can inject arbitrary OS commands using shell command substitution (e.g., $(...)), resulting in remote code execution with root privileges. Although command output is not reflected in the web interface, successful exploitation can be confirmed via out-of-band interactions (e.g., network requests initiated by the device). This vulnerability allows full compromise of the affected device and may enable lateral movement within the network. |
|---|
| Source | ⚠️ https://www.notion.so/eldruin/Intelbras-TIP-635G-Authenticated-OS-Command-Injection-Leading-to-Root-RCE-30627474cccb80929328e7c3b3ea0f9b |
|---|
| User | eldruin (UID 80359) |
|---|
| Submission | 02/13/2026 21:08 (4 months ago) |
|---|
| Moderation | 02/24/2026 10:41 (11 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 347527 [Intelbras TIP 635G 1.12.3.5 Ping os command injection] |
|---|
| Points | 20 |
|---|