CVE-2022-40005 Information

Description

Intelbras WiFiber 120AC inMesh before 1-1-220826 allows command injection by authenticated users as demonstrated by the /boaform/formPing6 and /boaform/formTracert URIs for ping and traceroute.

Reference

https://seclists.org/fulldisclosure/2022/Dec/13 https://cyberdanube.com/en/authenticated-command-injection-in-intelbras-wifiber-120ac-inmesh/