CVE-2023-36144
published 2023-06-30


Priority: P1 · 85 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Tags: ITW, EXPLOIT, VulnCheck KEV
Exploited in the wild
EPSS: 38.47% (98.4th percentile)

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.

Affected

1 range
Vendor | Product | Version range | Fixed in
intelbras | sg_2404_mr_firmware | |

Detection & IOCs (extracted from sources)

url: /cgi-bin/exportCfgwithpasswd
path: /cgi-bin/exportCfgwithpasswd
  • Unauthenticated HTTP GET to /cgi-bin/exportCfgwithpasswd returns a 200 response with Content-Disposition header containing 'attachment;filename=' and body containing 'System Description', 'System Version', and 'System Name' — indicating successful backup file download without authentication.
  • Response body must contain all three strings: 'System Description', 'System Version', 'System Name' to confirm exploitation of the authentication bypass.
  • Response header must contain 'attachment;filename=' (Content-Disposition) confirming a file download was triggered without authentication.
  • Shodan/FOFA/Google dork for exposed Intelbras switch web interfaces: search for title 'Intelbras' or 'intelbras'.
  • Vulnerability is confirmed only on Intelbras Switch SG 2404 MR running firmware version 1.00.54. Other firmware versions may not be affected.

CVSS provenance

nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck | 7.5 | HIGH