CVE-2026-12211

LOW

Intelbras iNVU 7016 FT Web syslog path traversal

Title source: cna

Description

A flaw has been found in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. This impacts an unknown function of the file /RPC2_Loadfile/syslog/ of the component Web Interface. Executing a manipulation can lead to path traversal. The attack can be launched remotely. The exploit has been published and may be used. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product.

References (6)

Core 6

Core References

Exploit exploit

https://coaglio.com/writeups/lfi-intelbras-invu.html

Vdb Entry vdb-entry

VDB-370853 | Intelbras iNVU 7016 FT Web syslog path traversal

https://vuldb.com/vuln/370853

Signature, Permissions Required signature permissions-required

VDB-370853 | CTI Indicators (IOB, IOC, TTP, IOA)

https://vuldb.com/vuln/370853/cti

Third Party Advisory third-party-advisory

CVE-2026-12211 | CVE Analysis and Report

https://vuldb.com/cve/CVE-2026-12211

Third Party Advisory third-party-advisory

Submit #832544 | Intelbras iNVU 7016 FT 3.004.00IB000.0.T (Build 2025-09-26) Path Traversal

https://vuldb.com/submit/832544

Patch patch

http://api-cronos.intelbras.com.br/download/INVU/INVU7016FT/prod/INVU7016FT-2026.05.29-712953bf2bb2af7e72d0577ad5ef6455.260527.BIN

Scores

CVSS v3 2.7

EPSS 0.0037

EPSS Percentile 28.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (1)

Intelbras/iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26

Published Jun 15, 2026

Tracked Since Jun 15, 2026