CVE-2023-27573
Analyzed Analyzed - Analysis Complete
Default Credentials in netbox-docker Pre-2.5.0 Allow Unauthorized Access

Publication date: 2026-03-11

Last updated on: 2026-05-07

Assigner: MITRE

Description
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-11
Last Modified
2026-05-07
Generated
2026-06-16
AI Q&A
2026-03-11
EPSS Evaluated
2026-06-15
NVD
CVE-2023-27573
EUVD
EUVD-2023-31322
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
netboxlabs netbox-docker to 2.5.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-1392 The product uses default credentials (such as passwords or cryptographic keys) for potentially critical functionality.
CWE-798 The product contains hard-coded credentials, such as a password or cryptographic key.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in netbox-docker before version 2.5.0 involves a superuser account that uses default credentials. Specifically, the admin account has a default password, and the SUPERUSER_API_TOKEN is set to a hardcoded, static value: 0123456789abcdef0123456789abcdef01234567.

While most users change the admin password, about 10-15% of publicly accessible Netbox instances still use the default API token, which poses a significant security risk. This token is embedded in the Docker environment file and is not automatically changed during installation.

The default token was intended for isolated development environments, but many users repurposed netbox-docker for production without changing this token, exposing their systems to potential unauthorized access.

Impact Analysis

This vulnerability can lead to unauthorized access to the Netbox system because the default SUPERUSER_API_TOKEN is widely known and static.

Attackers can exploit this token to gain superuser privileges, potentially allowing them to view, modify, or delete sensitive network data managed by Netbox.

Since many affected systems are publicly accessible and contain real data, this can result in severe confidentiality, integrity, and availability impacts.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by checking if the Netbox Docker deployment is using the default SUPERUSER_API_TOKEN value, which is hardcoded and static.

Specifically, you can inspect the Docker environment file located at netbox-docker/env/netbox.env and look for the line containing SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567.

A simple command to check this on the system where Netbox Docker is deployed could be:

  • grep SUPERUSER_API_TOKEN netbox-docker/env/netbox.env

If the output shows the default token value, the system is vulnerable.

Additionally, scanning network traffic or API calls for usage of this default token could help detect exploitation attempts, but the primary detection method is verifying the token configuration.

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate mitigation step is to change the default SUPERUSER_API_TOKEN to a unique, randomly generated token.'}, {'type': 'paragraph', 'content': 'It is recommended to generate a random hexadecimal string, for example using /dev/urandom, and replace the default token in the .env file or environment configuration.'}, {'type': 'list_item', 'content': 'Generate a random token with a command like: head -c 20 /dev/urandom | xxd -p'}, {'type': 'list_item', 'content': 'Update the netbox.env file to set SUPERUSER_API_TOKEN to this new value.'}, {'type': 'paragraph', 'content': "Additionally, ensure that the admin password is changed from the default 'admin' password."}, {'type': 'paragraph', 'content': 'It is also advised to avoid exposing Netbox Docker instances directly to the public internet unless properly secured.'}, {'type': 'paragraph', 'content': 'Upgrading to netbox-docker version 2.5.0 or later is recommended, as this version removes the default superuser creation, improving security.'}] [1, 3]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2023-27573. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart