Command Injection Vulnerability in Intelbras WiFiber 120AC
CVE-2022-40005

8.8HIGH

Key Information:

Vendor
Intelbras
Vendor
CVE Published:
25 December 2022

Summary

The Intelbras WiFiber 120AC inMesh device is vulnerable to command injection attacks that can be exploited by authenticated users. This vulnerability allows attackers to execute arbitrary commands via specific HTTP URIs, such as /boaform/formPing6 and /boaform/formTracert, compromising the integrity of the system. Users must ensure their devices are updated to mitigate potential risks associated with this flaw.

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.