leonardobg - Security Researcher - Exploit Intelligence Platform

CVE-2022-24654 NOMISEC MEDIUM WRITEUP

INTELBRAS ATA 200 Firmware 74.19.10.21 - XSS

Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload.

2 stars

CVSS 5.4

View Code

CVE-2023-36144 NOMISEC HIGH WORKING POC

Intelbras Switch SG 2404 MR - Auth Bypass

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.

1 stars

CVSS 7.5

View Code

CVE-2023-36143 NOMISEC HIGH WORKING POC

Maxprint Maxlink 1200G v3.4.11E - Command Injection

Maxprint Maxlink 1200G v3.4.11E has an OS command injection vulnerability in the "Diagnostic tool" functionality of the device.

CVSS 8.8

View Code

CVE-2023-36146 NOMISEC MEDIUM WORKING POC

Multilaser RE 170 - Firmware 2.2.6733 - XSS

A Stored Cross-Site Scripting (XSS) vulnerability was found in Multilaser RE 170 using firmware 2.2.6733.

CVSS 5.4

View Code