PatchSiren cyber security CVE debrief
CVE-2026-12211 Intelbras CVE debrief
A path traversal vulnerability has been identified in Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26. The vulnerability affects an unknown function of the file /RPC2_Loadfile/syslog/ within the Web Interface. An attacker can exploit this vulnerability remotely, potentially leading to unauthorized access to sensitive files.
- Vendor
- Intelbras
- Product
- iNVU 7016 FT
- CVSS
- LOW 2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of Intelbras iNVU 7016 FT 3.004.00IB000.0.T Build 2025-09-26 and earlier versions should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS score of 2 and is classified as LOW severity. It is related to CWE-22, which involves improper limitation of a pathname to a restricted directory.
Defensive priority
LOW
Recommended defensive actions
- Upgrade to a fixed version of the affected product.
- Review and restrict access to the /RPC2_Loadfile/syslog/ endpoint.
Evidence notes
The vendor, Intelbras, was contacted and responded professionally, releasing a fixed version of the affected product.
Official resources
CVE-2026-12211 was published on 2026-06-15T03:16:24.490Z.