INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.
References
Link | Resource |
---|---|
https://github.com/vitorespf/Advisories/blob/master/Intelbras-switch.txt | Exploit Third Party Advisory |
https://www.intelbras.com/pt-br/switch-gerenciavel-24-portas-poe-gigabit-ethernet-sg-2404-poe | Product |
Configurations
History
23 Nov 2022, 18:07
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-269 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
First Time |
Intelbras sg 2404 Poe Firmware
Intelbras sg 2404 Mr Firmware Intelbras Intelbras sg 2404 Poe Intelbras sg 2404 Mr |
|
References | (MISC) https://github.com/vitorespf/Advisories/blob/master/Intelbras-switch.txt - Exploit, Third Party Advisory | |
References | (MISC) https://www.intelbras.com/pt-br/switch-gerenciavel-24-portas-poe-gigabit-ethernet-sg-2404-poe - Product | |
CPE | cpe:2.3:h:intelbras:sg_2404_mr:-:*:*:*:*:*:*:* cpe:2.3:o:intelbras:sg_2404_mr_firmware:-:*:*:*:*:*:*:* cpe:2.3:o:intelbras:sg_2404_poe_firmware:-:*:*:*:*:*:*:* cpe:2.3:h:intelbras:sg_2404_poe:-:*:*:*:*:*:*:* |
18 Nov 2022, 04:37
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-18 04:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-43308
Mitre link : CVE-2022-43308
CVE.ORG link : CVE-2022-43308
JSON object : View
Products Affected
intelbras
- sg_2404_mr
- sg_2404_poe
- sg_2404_poe_firmware
- sg_2404_mr_firmware
CWE
CWE-269
Improper Privilege Management