Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

netboxlabs

Source -

NVD

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

1
Related CVEsRelated ProductsRelated AssignersReports
1Vulnerabilities found
CVE-2023-27573
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9||CRITICAL
EPSS-0.07% / 20.50%
||
7 Day CHG+0.01%
Published-11 Mar, 2026 | 00:00
Updated-07 May, 2026 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.

Action-Not Available
Vendor-netboxlabsnetbox-community
Product-netbox-dockernetbox-docker
CWE ID-CWE-1392
Use of Default Credentials
CWE ID-CWE-798
Use of Hard-coded Credentials