CVE-2023-36144
published 2023-06-30CVE-2023-36144: An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device…
PriorityP185high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
38.47%
98.4th percentile
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelbras | sg_2404_mr_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Unauthenticated HTTP GET to /cgi-bin/exportCfgwithpasswd returns a 200 response with Content-Disposition header containing 'attachment;filename=' and body containing 'System Description', 'System Version', and 'System Name' — indicating successful backup file download without authentication. ↗
- →Response body must contain all three strings: 'System Description', 'System Version', 'System Name' to confirm exploitation of the authentication bypass. ↗
- →Response header must contain 'attachment;filename=' (Content-Disposition) confirming a file download was triggered without authentication. ↗
- →Shodan/FOFA/Google dork for exposed Intelbras switch web interfaces: search for title 'Intelbras' or 'intelbras'. ↗
- ·Vulnerability is confirmed only on Intelbras Switch SG 2404 MR running firmware version 1.00.54. Other firmware versions may not be affected. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jgg8-69rp-g5j5: An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1
ghsa_unreviewed·2023-07-01
CVE-2023-36144 [HIGH] CWE-862 GHSA-jgg8-69rp-g5j5: An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
VulnCheck
intelbras sg_2404_mr_firmware Missing Authorization
vulncheck·2023·CVSS 7.5
CVE-2023-36144 [HIGH] intelbras sg_2404_mr_firmware Missing Authorization
intelbras sg_2404_mr_firmware Missing Authorization
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
Affected: intelbras sg_2404_mr_firmware
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-05-09&host_type=src&vulnerability=cve-2023-36144; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2025-05-12&host_type=src&vulnerability=cve-2023-36144; https://dashboard.shadowserver.org/statis
No detection rules found.
Nuclei
Intelbras Switch - Information Disclosure
nuclei·CVSS 7.5
CVE-2023-36144 [HIGH] Intelbras Switch - Information Disclosure
Intelbras Switch - Information Disclosure
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
Template:
id: CVE-2023-36144
info:
name: Intelbras Switch - Information Disclosure
author: gy741
severity: high
description: |
An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.
impact: |
Unauthenticated attackers can exploit authentication bypass to download backup configuration files containing critical device information including credentials and network configuration
No writeups or analysis indexed.
2023-06-30
Published
Exploited in the wild