Cyber Posture

CVE-2026-3101

Medium · Public PoC

Published: 24 February 2026

Modified: 26 February 2026
KEV Added
Patch
CVSS Score: 6.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0051 (66.6th percentile)
Risk Priority: 13 (60% EPSS · 20% KEV · 20% CVSS)

Description

A vulnerability was found in Intelbras TIP 635G 1.12.3.5. This vulnerability affects unknown code of the component Ping Handler. The manipulation results in OS command injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Mitigating Controls (NIST 800-53 r5) [AI]

Prevent: Directly validates and sanitizes inputs to the Ping Handler component to prevent OS command injection exploitation.

Prevent: Ensures timely identification, reporting, and remediation of the known OS command injection flaw in Intelbras TIP 635G version 1.12.3.5.

Prevent: Enforces least privilege for low-privileged authenticated users accessing the Ping Handler, limiting potential RCE impact post-exploitation.

Security Summary [AI]

CVE-2026-3101 is an OS command injection vulnerability (CWE-77, CWE-78) in the Ping Handler component of Intelbras TIP 635G version 1.12.3.5. The issue affects an unspecified part of this component and enables remote attackers to inject and execute operating system commands. It was assigned a CVSS v3.1 base score of 6.3 (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-02-24.

The vulnerability requires low privileges (PR:L), meaning an authenticated user with basic access can exploit it over the network without user interaction. Successful exploitation leads to OS command injection, potentially resulting in root remote code execution (RCE), as detailed in a public writeup. A proof-of-concept exploit has been disclosed publicly.

Advisories from VulDB indicate the vendor was contacted early for coordinated disclosure but provided no response, with no patches or official mitigations mentioned. References include VulDB entries (ctiid.347527, id.347527, submit.757986) and a Notion page detailing the authenticated OS command injection to root RCE.

The exploit's public availability increases the risk of widespread abuse, though no confirmed real-world exploitation has been reported in the provided details.

Details

CWE(s)

Affected Products

Vendor: intelbras
Product: tip 635g firmware
Version: 1.12.3.5

MITRE ATT&CK Enterprise Techniques [AI]

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1059.004 Unix Shell (Execution)
Adversaries may abuse Unix shell commands and scripts for execution.

T1068 Exploitation for Privilege Escalation (Privilege Escalation)
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.

Why these techniques?

OS command injection in the remotely reachable Ping Handler maps to exploitation of a public-facing application (T1190), Unix shell command execution (T1059.004), and privilege escalation from low privileges to root RCE (T1068).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References