CVE-2017-7461

MEDIUM

Intellinet NFC-30ir IP Camera <LM.1.6.16.05 - Path Traversal

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-7461. PoCs published by Dimitri Fousekis.

AI-analyzed exploit summary The advisory describes two vulnerabilities in Intellinet NFC-30IR Network Cameras: an authenticated Local File Inclusion (LFI) via '/cgi-bin/admin/fileread' and a hard-coded manufacturer backdoor accessible via '/cgi-bin/mft/manufacture' with credentials 'manufacture:erutcafunam'.

Description

Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.

Exploits (1)

exploitdb WRITEUP
by Dimitri Fousekis · textwebappshardware
https://www.exploit-db.com/exploits/41829

The advisory describes two vulnerabilities in Intellinet NFC-30IR Network Cameras: an authenticated Local File Inclusion (LFI) via '/cgi-bin/admin/fileread' and a hard-coded manufacturer backdoor accessible via '/cgi-bin/mft/manufacture' with credentials 'manufacture:erutcafunam'.

Classification
Writeup 100%
Attack Type
Info Leak | Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Intellinet NFC-30IR Network Cameras with firmware version LM.1.6.16.05
Auth required
Prerequisites: Network access to the camera · Valid admin credentials for LFI · Knowledge of hard-coded credentials for backdoor
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/41829/

Scores

CVSS v3 4.9
EPSS 0.1070
EPSS Percentile 95.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-22
Status published
Products (1)
intellinet-network/nfc-30ir_firmware lm.1.6.16.05
Published Apr 11, 2017
Tracked Since Feb 18, 2026