Executive Summary

CVE-2026-12211 is a Path Traversal vulnerability found in the Intelbras iNVU 7016 FT device, specifically in the web interface component related to the execution log download endpoint.

This flaw allows an attacker with valid web interface credentials and specific group permissions to manipulate a URL parameter improperly validated by the system, enabling them to read arbitrary system files with root privileges.

The vulnerability stems from improper path validation, which can lead to Local File Inclusion (LFI), exposing sensitive files such as /etc/shadow, SSH private keys, and configuration files containing hardcoded credentials.

The web application runs as root, which increases the severity of the impact. The vulnerability affects firmware version 3.004.00IB000.0.T (Build 2025-09-26) and is related to the Dahua codebase.

Useful 0 Not Useful 0

Impact Analysis

Exploitation of this vulnerability can allow attackers to read sensitive system files with root privileges, potentially exposing password hashes, SSH private keys, and configuration files with hardcoded credentials.

This exposure can lead to unauthorized access, credential theft, and possibly remote code execution, which could compromise the entire system.

Because the web application runs as root, the impact of a successful attack is significantly amplified, increasing the risk of full system compromise.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by attempting to access the vulnerable endpoint in the Intelbras iNVU 7016 FT web interface that allows path traversal. Specifically, testing the execution log download endpoint with crafted URL parameters to check if arbitrary files can be read may reveal the presence of the flaw.

Detection requires valid web interface credentials with specific group permissions such as "Storage," "Maintenance," or "System."

A possible command to test for the vulnerability could be a curl request to the vulnerable endpoint with a crafted path traversal payload, for example:

• curl -u username:password "http://<device-ip>/RPC2_Loadfile/syslog/?file=../../../../etc/shadow"

If the response contains sensitive system files like /etc/shadow, it indicates the vulnerability is present.

Useful 0 Not Useful 0

Mitigation Strategies

The primary immediate mitigation step is to upgrade the affected Intelbras iNVU 7016 FT firmware to the fixed version released by the vendor.

Additional recommended steps include:

• Review and restrict user permissions on the web interface, ensuring only necessary users have access to groups like "Storage," "Maintenance," or "System."
• Implement least privilege principles to limit access to sensitive functions.
• Apply input sanitization and path whitelisting if possible in custom deployments or configurations.

Since the vulnerability can be exploited remotely, limiting network exposure of the device's web interface (e.g., via firewall rules) can also reduce risk.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows attackers with valid credentials and specific permissions to read arbitrary system files with root privileges, potentially exposing sensitive information such as password hashes, SSH private keys, and configuration files containing hardcoded credentials.

Exposure of such sensitive data can lead to unauthorized access and compromise of personal or protected information, which may violate data protection regulations like GDPR and HIPAA that require safeguarding of personal and sensitive data.

Therefore, exploitation of this vulnerability could result in non-compliance with these standards due to inadequate protection of sensitive data and failure to enforce least privilege and proper access controls.

Useful 0 Not Useful 0