Command Injection Vulnerability in Intelbras WiFiber 120AC
CVE-2022-40005

8.8HIGH

Key Information:

Vendor: Intelbras
Status: Wifiber 120ac Inmesh Firmware
Vendor: CVE Published:; 25 December 2022

Summary

The Intelbras WiFiber 120AC inMesh device is vulnerable to command injection attacks that can be exploited by authenticated users. This vulnerability allows attackers to execute arbitrary commands via specific HTTP URIs, such as /boaform/formPing6 and /boaform/formTracert, compromising the integrity of the system. Users must ensure their devices are updated to mitigate potential risks associated with this flaw.

References

https://cyberdanube.com/en/authenticated-command-injectio...

https://seclists.org/fulldisclosure/2022/Dec/13

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 25, 2022
Vulnerability Reserved
Sep 6, 2022