CVE-2023-36144

high-risk

Published 2023-06-30

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.

Do I need to act?

85.5% chance of exploitation in next 30 days

EPSS score — higher than 15% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Sg 2404 Mr Firmware

Affected Vendors

Intelbras

References (4)

Product http://intelbras.com

Exploit https://github.com/leonardobg/CVE-2023-36144

Product http://intelbras.com

Exploit https://github.com/leonardobg/CVE-2023-36144

/ 100

high-risk

Severity 26/34 · High

Exploitability 20/34 · Moderate

Exposure 5/34 · Minimal