Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
The network-accessible endpoint requires high-privilege authentication (PR:H); the path traversal yields only a partial file read (VC:L), with no integrity or availability impact.
Primary rating from Vendor (VulDB).
Description (CVE.org)
A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.
Analysis (AI)
Path traversal in the Intelbras iNVU 7016 FT NVR web interface allows authenticated high-privilege remote users to read arbitrary files outside the intended syslog directory via the /RPC2_Loadfile/syslog/ endpoint. Affected firmware is version 3.004.00IB000.0.T Build 2025-09-26; the vendor has since released a patched firmware build (2026-05-29). …
Vulnerability Assessment (AI)
| Area | Assessment |
| --- | --- |
| Exploitation | Exploitation requires the attacker to hold a valid high-privilege (administrator-level) authenticated session on the Intelbras iNVU 7016 FT web interface, as confirmed by CVSS 4.0 metric PR:H. … |
| Risk Assessment | The CVSS 4.0 base score of 5.1 (Medium) reflects a constrained real-world risk profile: while the attack vector is network-accessible (AV:N) and requires no special attack conditions (AT:N, AC:L), exploitation demands high-privilege authentication (PR:H), limiting the exposed population to compromised or malicious administrators. … |
| Exploit Scenario | An attacker who has obtained valid high-privilege administrator credentials for the Intelbras iNVU 7016 FT web interface - whether through credential stuffing, phishing, or a prior breach - sends a crafted HTTP request to the /RPC2_Loadfile/syslog/ endpoint with a path traversal payload (e.g., ../../etc/passwd or similar) to read files outside the syslog directory. A public proof-of-concept writeup describing this technique exists at https://coaglio.com/writeups/lfi-intelbras-invu.html, lowering the bar for replication by less-skilled attackers who already hold admin credentials. |
| Remediation | Vendor-released patch: firmware build INVU7016FT-2026.05.29 (binary available from the Intelbras CDN at http://api-cronos.intelbras.com.br/download/INVU/INVU7016FT/prod/INVU7016FT-2026.05.29-712953bf2bb2af7e72d0577ad5ef6455.260527.BIN). … |
EUVD-2026-36685
GHSA-64mj-fhhf-6gmf