Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-36144

Published: 30/06/2023 Updated: 10/07/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Sg 2404 Mr Firmware

Vulnerability Summary

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated malicious user to download the backup file of the device, exposing critical information about the device configuration.

Vulnerable Product Search on Vulmon Subscribe to Product

intelbras sg_2404_mr_firmware 1.00.54

Github Repositories

https://github.com/leonardobg/CVE-2023-36144

CVE-2023-36144 PoC of CVE-2023-36144 - Intelbras Switch SG 2404 MR L2+ firmware 10054 Download the backup file unauthenticated Steps to Reproduce: Go to the following link 127001/cgi-bin/exportCfgwithpasswd (replace 127001 with the device IP) It will auto download the backup file, containing the device configurations and its users and hashed passwords

References

CWE-862https://github.com/leonardobg/CVE-2023-36144http://intelbras.comhttps://nvd.nist.govhttps://github.com/leonardobg/CVE-2023-36144
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook