CVE-2023-36144

HIGH EXPLOITED NUCLEI

Intelbras Switch SG 2404 MR - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2023-36144 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including leonardobg. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC demonstrates an unauthenticated information disclosure vulnerability in Intelbras Switch SG 2404 MR L2+ firmware 1.00.54. It allows an attacker to download a backup file containing device configurations, users, and hashed passwords via a direct HTTP request.

Description

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device configuration.

Exploits (1)

nomisec WORKING POC 1 stars
by leonardobg · infoleak
https://github.com/leonardobg/CVE-2023-36144

This PoC demonstrates an unauthenticated information disclosure vulnerability in Intelbras Switch SG 2404 MR L2+ firmware 1.00.54. It allows an attacker to download a backup file containing device configurations, users, and hashed passwords via a direct HTTP request.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Intelbras Switch SG 2404 MR L2+ firmware 1.00.54
No auth needed
Prerequisites: Network access to the target device
devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Intelbras Switch - Information Disclosure
HIGHby gy741
Shodan: title:"Intelbras" || http.title:"intelbras"
FOFA: title="intelbras"

References (2)

Core 2

Scores

CVSS v3 7.5
EPSS 0.3847
EPSS Percentile 98.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

VulnCheck KEV 2025-05-09
CWE
CWE-862
Status published
Products (1)
intelbras/sg_2404_mr_firmware 1.00.54
Published Jun 30, 2023
Tracked Since Feb 18, 2026