CVE-2026-12211 - Vulnerability Details

- Intelbras iNVU 7016 FT Web syslog path traversal

Description

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

Published: 2026-06-15

Score: 5.1 Medium

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Impact

A path‑traversal flaw was identified in the Web Interface of Intelbras iNVU 7016 FT, specifically within the /RPC2_Loadfile/syslog/ routine. The vulnerability allows an attacker to manipulate the requested path and access files located outside the intended directory, potentially exposing log data or other sensitive files on the device. The weakness is a classic instance of CWE‑22 and results in unauthorized data disclosure without requiring local access.

Affected Systems

The affected product is Intelbras iNVU 7016 FT running firmware version 3.004.00IB000.0.T Build 2025‑09‑26. No other versions are listed, but the component should be considered vulnerable on any build lacking the vendor’s fix.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity, and the vulnerability can be exploited remotely. The EPSS score is not available and the issue is not listed in CISA’s KEV catalog, yet the exploit has been published and may be used in the wild. Because path traversal only grants read access, the impact is limited to information disclosure, but it can compromise device integrity if sensitive configuration files are accessible. Applying the vendor’s patch mitigates the risk; absence of a patch signals that users should isolate the device or restrict web interface access to trusted sources.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Intelbras

iNVU 7016 FT

affected

Version	Status	Constraints
`3.004.00IB000.0.T Build 2025-09-26`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade the iNVU 7016 FT firmware to the latest release that includes the path‑traversal fix.
If an immediate firmware update is not possible, block external access to the /RPC2_Loadfile/syslog/ endpoint via network firewall or device ACLs to prevent remote exploitation.
Implement input validation or sanitization on the device’s web interface to reject path‑traversal sequences such as ".." or absolute paths (step 3 is a temporary protection if a patch is unavailable).

Generated by OpenCVE AI on June 15, 2026 at 04:20 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
http://api-cronos.intelbras.com.br/download/INVU/INVU7016FT/prod/INVU7016FT-2026.05.29-712953bf2bb2af7e72d0577ad5ef6455.260527.BIN
https://coaglio.com/writeups/lfi-intelbras-invu.html
https://vuldb.com/cve/CVE-2026-12211
https://vuldb.com/submit/832544
https://vuldb.com/vuln/370853
https://vuldb.com/vuln/370853/cti

History

Mon, 15 Jun 2026 03:00:00 +0000

Type	Values Removed	Values Added
Description		A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Title		Intelbras iNVU 7016 FT Web syslog path traversal
First Time appeared		Intelbras Intelbras invu 7016 Ft
Weaknesses		CWE-22
CPEs		cpe:2.3:h:intelbras:invu_7016_ft::::::::
Vendors & Products		Intelbras Intelbras invu 7016 Ft
References		http://api-cronos.intelbras.com.br/download/INVU/INVU7016FT/prod/INVU7016FT-2026.05.29-712953bf2bb2af7e72d0577ad5ef6455.260527.BIN https://coaglio.com/writeups/lfi-intelbras-invu.html https://vuldb.com/cve/CVE-2026-12211 https://vuldb.com/submit/832544 https://vuldb.com/vuln/370853 https://vuldb.com/vuln/370853/cti
Metrics		cvssV2_0 `{'score': 3.3, 'vector': 'AV:N/AC:L/Au:M/C:P/I:N/A:N/E:POC/RL:OF/RC:C'}` cvssV3_0 `{'score': 2.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}` cvssV3_1 `{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C'}` cvssV4_0 `{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P'}`

Subscriptions

Intelbras Invu 7016 Ft

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2026-06-15T02:45:08.782Z

Updated: 2026-06-15T02:45:08.782Z

Reserved: 2026-06-14T12:32:49.466Z

Link: CVE-2026-12211

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-15T03:16:24.490

Modified: 2026-06-15T03:16:24.490

Link: CVE-2026-12211

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-15T04:30:29Z

Weaknesses

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact None

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Multiple

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object