CVE-2023-27573
Published: 11 March 2026
Summary
CVE-2023-27573 is a critical-severity Use of Default Credentials (CWE-1392) vulnerability in Netboxlabs Netbox-Docker. Its CVSS base score is 9.0 (Critical).
Operationally, it ranks at the 20.6th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-6 (Configuration Settings) and IA-5 (Authenticator Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- IA-5 (Authenticator Management): directly requires changing default authenticators such as the hardcoded SUPERUSER_API_TOKEN prior to system use, preventing unauthorized superuser access.
- SI-2 (Flaw Remediation): mandates identification, reporting, and timely remediation of flaws such as CVE-2023-27573 through patching or upgrading to fixed versions.
- CM-6 (Configuration Settings): requires establishing and enforcing secure configuration settings that prohibit default credentials in production deployments of netbox-docker.
NVD Description
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the admin account, and 0123456789abcdef0123456789abcdef01234567 value for SUPERUSER_API_TOKEN). In practice on the public Internet, almost all users changed the password but only about 90% changed the token. Having a default token value was intentional and was valuable for the main intended use case of the netbox-docker product (isolated development networks). Some users engaged in an effort to repurpose netbox-docker for production. The documentation for this effort stated that the defaults must not be used. However, installation did not ensure non-default values. The Supplier was aware of the CVE ID assignment and did not object to the assignment.
Deeper analysis
CVE-2023-27573 affects netbox-docker versions prior to 2.5.0, where a superuser account exists with default credentials: an admin password for the admin account and a hardcoded SUPERUSER_API_TOKEN value of 0123456789abcdef0123456789abcdef01234567. This configuration represents a CWE-1392 vulnerability, earning a CVSS v3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H). The default token was intentionally included to support the product's primary use case of isolated development networks, but installation scripts did not enforce changes when users repurposed it for production environments, despite documentation warnings against using defaults.
Remote attackers can exploit this vulnerability by attempting authentication with the known default credentials, particularly the API token, over the network. On publicly exposed instances, while nearly all users reportedly changed the admin password, approximately 10% failed to update the token, enabling unauthenticated attackers with no privileges to gain superuser access. Successful exploitation grants high confidentiality, integrity, and availability impact across the changed scope, potentially allowing full compromise of the NetBox instance.
Mitigation involves upgrading to netbox-docker version 2.5.0 or later, as detailed in the project's GitHub release notes, which address the issue following community discussion in issue #953 and the corresponding pull request #959. The supplier was aware of the CVE assignment and raised no objections.
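The installation gap described above (defaults that were never enforced away) is the kind of thing a deployment pipeline can check before a container is started. The following is an added example, not code from the netbox-docker project: it parses a netbox-docker style env file and flags the default SUPERUSER_API_TOKEN value and default admin password named in the advisory, then generates a replacement token. The variable name SUPERUSER_PASSWORD and the sample env contents are assumptions; only SUPERUSER_API_TOKEN and the two default values come from the advisory.

```python
import re
import secrets

# Default authenticators documented in CVE-2023-27573 (netbox-docker < 2.5.0).
DEFAULT_API_TOKEN = "0123456789abcdef0123456789abcdef01234567"
DEFAULT_PASSWORD = "admin"

# Constructed sample of a netbox-docker style env file. The variable names
# other than SUPERUSER_API_TOKEN are assumed for illustration.
SAMPLE_ENV = """\
# netbox.env (constructed sample)
SUPERUSER_NAME=admin
SUPERUSER_EMAIL=admin@example.com
SUPERUSER_PASSWORD=S3cure-but-not-really
SUPERUSER_API_TOKEN=0123456789abcdef0123456789abcdef01234567
"""


def parse_env(text):
    """Parse KEY=VALUE lines, skipping blanks and comments; last assignment wins."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def audit_superuser_env(env):
    """Return findings about default or missing superuser authenticators (empty list = clean)."""
    findings = []
    token = env.get("SUPERUSER_API_TOKEN", "")
    password = env.get("SUPERUSER_PASSWORD", "")
    if token == DEFAULT_API_TOKEN:
        findings.append("SUPERUSER_API_TOKEN is the documented default (CVE-2023-27573)")
    elif not re.fullmatch(r"[0-9a-f]{40}", token):
        # Same 40-hex-character shape as the advisory's token value.
        findings.append("SUPERUSER_API_TOKEN missing or not a 40-character hex token")
    if password == DEFAULT_PASSWORD:
        findings.append("SUPERUSER_PASSWORD is the documented default 'admin'")
    elif not password:
        findings.append("SUPERUSER_PASSWORD is not set")
    return findings


def fresh_api_token():
    """Generate a random 40-hex-character token from the OS CSPRNG."""
    return secrets.token_hex(20)


if __name__ == "__main__":
    for finding in audit_superuser_env(parse_env(SAMPLE_ENV)):
        print("FINDING:", finding)
    print("replacement token:", fresh_api_token())
```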
Details
- CWE(s)