cbcvebase.
CVE-2023-23063
published 2023-02-22

CVE-2023-23063: Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi.

PriorityP275high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
2.43%
82.2th percentile
Cellinx NVT v1.0.6.002b was discovered to contain a local file disclosure vulnerability via the component /cgi-bin/GetFileContent.cgi.

Affected

1 ranges
VendorProductVersion rangeFixed in
cellinxnvt_web_server

Detection & IOCsextracted from sources · hover to see the quote

path/cgi-bin/GetFileContent.cgi
url{{BaseURL}}/cgi-bin/GetFileContent.cgi?USER=root&PWD=D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1&PATH=/etc/passwd
  • Exploit requests target GET /cgi-bin/GetFileContent.cgi with USER, PWD, and PATH parameters; look for PATH=/etc/passwd or other absolute paths indicating LFI attempts.
  • Successful exploitation returns HTTP 200 with a body matching 'root:.*:0:0:' (passwd file content) and a response header containing 'TRACKID='.
  • Fingerprint vulnerable Cellinx NVT devices via FOFA query: body contains '/viewer/viewer.html', response header contains 'lighttpd', and country is 'KR'.
  • The hardcoded PWD value 'D1D1D1D1D1D1D1D1D1D1D1D1A2A2B0A1D1D1D1D1D1D1D1D1D1D1D1D1D1D1B8D1' appears to be a default/static credential used in exploitation; flag requests containing this value.
  • ·The vulnerability affects specifically Cellinx NVT version 1.0.6.002b; detections should be scoped to this version to avoid false positives on other products.
  • ·The exploit is unauthenticated (PR:N) and network-accessible (AV:N), meaning no prior authentication is required; perimeter-level detection/blocking of requests to GetFileContent.cgi is viable.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.