read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp.Referenceshttps://www.exploit-db.com/exploits/45089/https://neonsea.uk/blog/2018/07/21/tmp-to-rce.html
