CVE-2023-27573
Default Credentials in netbox-docker Pre-2.5.0 Allow Unauthorized Access
Publication date: 2026-03-11
Last updated on: 2026-03-11
Assigner: MITRE
Description
CVSS Scores
EPSS Scores
| Probability | Percentile |
|---|---|
| | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netbox-community | netbox-docker | < 2.5.0 (2.5.0 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1392 | The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality. |
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in netbox-docker before version 2.5.0 involves a superuser account that uses default credentials. Specifically, the admin account has a default password, and the SUPERUSER_API_TOKEN is set to a hardcoded, static value: 0123456789abcdef0123456789abcdef01234567.
While most users change the admin password, about 10-15% of publicly accessible Netbox instances still use the default API token, which poses a significant security risk. This token is embedded in the Docker environment file and is not automatically changed during installation.
The default token was intended for isolated development environments, but many users repurposed netbox-docker for production without changing this token, exposing their systems to potential unauthorized access.
How can this vulnerability impact me?
This vulnerability can lead to unauthorized access to the Netbox system because the default SUPERUSER_API_TOKEN is widely known and static.
Attackers can exploit this token to gain superuser privileges, potentially allowing them to view, modify, or delete sensitive network data managed by Netbox.
Since many affected systems are publicly accessible and contain real data, this can result in severe confidentiality, integrity, and availability impacts.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the Netbox Docker deployment is using the default SUPERUSER_API_TOKEN value, which is hardcoded and static.
Specifically, you can inspect the Docker environment file located at netbox-docker/env/netbox.env and look for the line containing SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567.
A simple command to check this on the system where Netbox Docker is deployed could be:
- grep -E '^SUPERUSER_(API_TOKEN|PASSWORD)=' netbox-docker/env/netbox.env
If the output shows the default token value (or SUPERUSER_PASSWORD=admin), the system is vulnerable.
Additionally, scanning network traffic or API calls for usage of this default token can reveal exploitation attempts: NetBox clients send the token in an Authorization: Token <value> header, so a reverse-proxy or IDS rule that matches the literal default value will catch both probes and successful use. The primary detection method, however, is verifying the token configuration.
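The check described above, as an added example (it is not code from this page or from the netbox-docker project): a POSIX shell audit that parses an env file for the default token and the default admin password, plus a probe function for a running instance. It assumes plain KEY=VALUE lines as in env/netbox.env, the /api/users/tokens/ endpoint and the Authorization: Token header format; the sample env file is constructed inline.

```shell
#!/bin/sh
# Audit helper for CVE-2023-27573. Added example; not part of netbox-docker.
# Assumes the env file uses plain KEY=VALUE lines, as env/netbox.env does.

DEFAULT_TOKEN='0123456789abcdef0123456789abcdef01234567'

# Return 0 (true) when the file still carries the default superuser API token
# or the default "admin" password, 1 otherwise. Findings are printed to stdout.
audit_netbox_env() {
    env_file="$1"
    vulnerable=1
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            ''|'#'*) continue ;;
        esac
        key=${line%%=*}
        val=${line#*=}
        # tolerate optional surrounding quotes around the value
        val=${val#\"}; val=${val%\"}
        val=${val#\'}; val=${val%\'}
        case "$key" in
            SUPERUSER_API_TOKEN)
                if [ "$val" = "$DEFAULT_TOKEN" ]; then
                    echo "VULNERABLE: default SUPERUSER_API_TOKEN in $env_file"
                    vulnerable=0
                fi ;;
            SUPERUSER_PASSWORD)
                if [ "$val" = "admin" ]; then
                    echo "WEAK: default SUPERUSER_PASSWORD in $env_file"
                    vulnerable=0
                fi ;;
        esac
    done < "$env_file"
    return $vulnerable
}

# Probe a running instance (not executed in the demo below). NetBox expects
# "Authorization: Token <value>". A 403 for a bogus token together with a 200
# for the default token means the default token is still valid; checking the
# bogus token first avoids a false positive on instances that allow anonymous
# read-only API access (LOGIN_REQUIRED=False). The endpoint is an assumption.
probe_default_token() {
    base_url="${1%/}"
    bogus=$(curl -s -o /dev/null -w '%{http_code}' \
        -H 'Authorization: Token ffffffffffffffffffffffffffffffffffffffff' \
        -H 'Accept: application/json' "$base_url/api/users/tokens/")
    real=$(curl -s -o /dev/null -w '%{http_code}' \
        -H "Authorization: Token $DEFAULT_TOKEN" \
        -H 'Accept: application/json' "$base_url/api/users/tokens/")
    [ "$bogus" = "403" ] && [ "$real" = "200" ]
}

# Demo on a constructed env file that mirrors the vulnerable defaults.
demo_file=$(mktemp)
cat > "$demo_file" <<'EOF'
# constructed sample, mirrors netbox-docker < 2.5.0 env/netbox.env defaults
SUPERUSER_NAME=admin
SUPERUSER_EMAIL=admin@example.com
SUPERUSER_PASSWORD=admin
SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567
EOF
if audit_netbox_env "$demo_file"; then
    echo "result: default credentials present"
else
    echo "result: clean"
fi
rm -f "$demo_file"
```

Run `audit_netbox_env env/netbox.env` from the netbox-docker checkout; `probe_default_token https://netbox.example` only makes sense against a host you are authorized to test, and a 200 there confirms the token is live in the database regardless of what the env file says.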
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to change the default SUPERUSER_API_TOKEN to a unique, randomly generated token.
It is recommended to generate a random hexadecimal string, for example using /dev/urandom, and replace the default token in env/netbox.env (or whatever environment configuration the deployment uses).
- Generate a random token with a command like: head -c 20 /dev/urandom | xxd -p
- Update the netbox.env file to set SUPERUSER_API_TOKEN to this new value.
Additionally, ensure that the admin password is changed from the default 'admin' password.
If the instance has already been initialized, editing the env file is not enough on its own: the entrypoint consumes the SUPERUSER_* values only when it first creates the superuser, so the token already stored in the database must also be revoked inside NetBox (admin UI or the users/tokens API endpoint) and the container recreated.
It is also advised to avoid exposing Netbox Docker instances directly to the public internet unless properly secured.
Upgrading to netbox-docker version 2.5.0 or later is recommended, as this version removes the default superuser creation, improving security.
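The rotation steps above, scripted as an added example (not netbox-docker's own tooling). It assumes plain KEY=VALUE lines in the env file and uses od instead of xxd so it runs on minimal images. It only rewrites the file: on an already-initialized deployment the old token must still be revoked inside NetBox and the container recreated, because the entrypoint reads SUPERUSER_* only when it first creates the superuser.

```shell
#!/bin/sh
# Rotate netbox-docker superuser secrets out of their defaults.
# Added example; not netbox-docker's own tooling. Assumes plain KEY=VALUE lines.

# 20 random bytes as 40 lowercase hex characters, the same shape as the
# default token. od replaces xxd, which minimal images often lack.
new_hex_token() {
    head -c 20 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Value of KEY ($2) in FILE ($1), empty string if absent.
get_env_value() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# Set KEY=VALUE in FILE, replacing an existing line or appending one.
# A temporary file is used because `sed -i` differs between GNU and BSD sed.
set_env_value() {
    f="$1"; k="$2"; v="$3"
    t="$f.tmp.$$"
    if grep -q "^$k=" "$f"; then
        sed "s|^$k=.*|$k=$v|" "$f" > "$t"
    else
        { cat "$f"; printf '%s=%s\n' "$k" "$v"; } > "$t"
    fi
    mv "$t" "$f"
}

# Replace the API token and the admin password with fresh random values and
# tighten the file mode. Returns 0 when the file no longer holds the defaults.
rotate_superuser_secrets() {
    envf="$1"
    set_env_value "$envf" SUPERUSER_API_TOKEN "$(new_hex_token)"
    set_env_value "$envf" SUPERUSER_PASSWORD "$(new_hex_token)"
    chmod 600 "$envf"
    [ "$(get_env_value "$envf" SUPERUSER_API_TOKEN)" != "0123456789abcdef0123456789abcdef01234567" ] &&
    [ "$(get_env_value "$envf" SUPERUSER_PASSWORD)" != "admin" ]
}

# Demo on a constructed env file carrying the vulnerable defaults.
demo_file=$(mktemp)
printf 'SUPERUSER_NAME=admin\nSUPERUSER_PASSWORD=admin\nSUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567\n' > "$demo_file"
if rotate_superuser_secrets "$demo_file"; then
    echo "rotated SUPERUSER_API_TOKEN and SUPERUSER_PASSWORD in $demo_file"
else
    echo "rotation failed for $demo_file"
fi
rm -f "$demo_file"
```

Against a real checkout run `rotate_superuser_secrets env/netbox.env`, then `docker compose up -d --force-recreate netbox`; the new password is only applied if the superuser does not exist yet, so for an existing user set it through the NetBox UI or `manage.py changepassword` as well.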