cbcvebase.
CVE-2023-40924
published 2023-09-08

CVE-2023-40924: SolarView Compact < 6.00 is vulnerable to Directory Traversal.

PriorityP357high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
2.89%
85.1th percentile
SolarView Compact < 6.00 is vulnerable to Directory Traversal.

Affected

1 ranges
VendorProductVersion rangeFixed in
contecsolarview_compact_firmware< 6.06.0

Detection & IOCsextracted from sources · hover to see the quote

path/downloader.php
url{{BaseURL}}/downloader.php?file=../../../../../../../../../../etc/passwd%00.jpg
  • Look for GET requests to /downloader.php with a 'file' parameter containing path traversal sequences (../../) and a null byte followed by a file extension (e.g., %00.jpg) — this is the null byte bypass technique used to evade extension checks.
  • Identify exposed SolarView Compact instances via Shodan using the query http.html:"SolarView Compact" or favicon hash -244067125, and FOFA using body="solarview compact" or icon_hash="-244067125".
  • Successful exploitation returns HTTP 200 with /etc/passwd content in the response body; match on the regex pattern 'root:.*:0:0:' to confirm file read.
  • The vulnerability is unauthenticated — no session cookie or credentials are required, so any GET to /downloader.php with traversal sequences from an unauthenticated source is suspicious.
  • ·The null byte bypass (%00) is the key evasion mechanism — detection rules must account for URL-encoded null bytes in the 'file' parameter, not just plain traversal sequences.
  • ·Only SolarView Compact firmware versions strictly below 6.00 are affected; version 6.00 and later are not vulnerable.
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.