CVE-2023-40924
published 2023-09-08CVE-2023-40924: SolarView Compact < 6.00 is vulnerable to Directory Traversal.
PriorityP357high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
2.89%
85.1th percentile
SolarView Compact < 6.00 is vulnerable to Directory Traversal.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| contec | solarview_compact_firmware | < 6.0 | 6.0 |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for GET requests to /downloader.php with a 'file' parameter containing path traversal sequences (../../) and a null byte followed by a file extension (e.g., %00.jpg) — this is the null byte bypass technique used to evade extension checks. ↗
- →Identify exposed SolarView Compact instances via Shodan using the query http.html:"SolarView Compact" or favicon hash -244067125, and FOFA using body="solarview compact" or icon_hash="-244067125". ↗
- →Successful exploitation returns HTTP 200 with /etc/passwd content in the response body; match on the regex pattern 'root:.*:0:0:' to confirm file read. ↗
- →The vulnerability is unauthenticated — no session cookie or credentials are required, so any GET to /downloader.php with traversal sequences from an unauthenticated source is suspicious. ↗
- ·The null byte bypass (%00) is the key evasion mechanism — detection rules must account for URL-encoded null bytes in the 'file' parameter, not just plain traversal sequences. ↗
- ·Only SolarView Compact firmware versions strictly below 6.00 are affected; version 6.00 and later are not vulnerable. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Nuclei
SolarView Compact < 6.00 - Directory Traversal
nuclei·CVSS 7.5
CVE-2023-40924 [HIGH] SolarView Compact < 6.00 - Directory Traversal
SolarView Compact < 6.00 - Directory Traversal
SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd.
Template:
id: CVE-2023-40924
info:
name: SolarView Compact < 6.00 - Directory Traversal
author: DhiyaneshDk
severity: high
description: |
SolarView Compact before version 6.00 is vulnerable to directory traversal via the file parameter in downloader.php. An unauthenticated attacker can read arbitrary files from the system by using path traversal sequences with a null byte bypass to access sensitive files such as /etc/passwd.
impact: |
An attacker can rea
No writeups or analysis indexed.
2023-09-08
Published