CVE-2022-40005
HIGH EXPLOITEDIntelbras WiFiber 120AC inMesh < 1.1-220826 - Authenticated OS Command Injection via formPing6 and formTracert URIs
Title source: llmExploitation Summary
CVE-2022-40005 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users, as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory
https://cyberdanube.com/en/authenticated-command-injection-in-intelbras-wifiber-120ac-inmesh/
Exploit, Mailing List, Patch, Third Party Advisory
https://seclists.org/fulldisclosure/2022/Dec/13
Scores
CVSS v3
8.8
EPSS
0.3478
EPSS Percentile
98.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
VulnCheck KEV
2023-06-22
CWE
CWE-78
Status
published
Products (1)
intelbras/wifiber_120ac_inmesh_firmware
1.1-220216 - 1.1-220826
Published
Dec 25, 2022
Tracked Since
Feb 18, 2026