PT-2026-24575 · Unknown · Netbox-Docker

Published: 2026-03-11 · Updated: 2026-05-07 · CVE-2023-27573

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:
netbox-docker versions prior to 2.5.0

Description:
The netbox-docker software, before version 2.5.0, includes a superuser account with default credentials. Specifically, the admin account has a default password, and the SUPERUSER_API_TOKEN is set to a hardcoded value of 0123456789abcdef0123456789abcdef01234567. While the default token was intentionally included for isolated development networks, approximately 90% of users did not change this default value, leaving systems exposed. The documentation for production use explicitly stated that these defaults should not be used, but the installation process did not enforce non-default values.

Recommendations:
Upgrade to netbox-docker version 2.5.0 or later. Change the default password for the admin account. Change the default value of the SUPERUSER_API_TOKEN.
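
An added example (not part of the original advisory or the netbox-docker project): a Python audit of an env file's contents that flags the hardcoded token quoted above and generates a random replacement. The variable names SUPERUSER_API_TOKEN, SUPERUSER_PASSWORD and SUPERUSER_NAME are assumed to match your deployment's env file, the sample input is constructed, and the password-equals-username check is a heuristic because the advisory does not state the default password.

```python
import re
import secrets

# Hardcoded token value quoted in the advisory above.
DEFAULT_TOKEN = "0123456789abcdef0123456789abcdef01234567"
# Assumed variable names (as in netbox-docker's env file); adjust if yours differ.
TOKEN_VAR, PASSWORD_VAR, NAME_VAR = "SUPERUSER_API_TOKEN", "SUPERUSER_PASSWORD", "SUPERUSER_NAME"
_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
# superuser settings
SUPERUSER_NAME=admin
SUPERUSER_PASSWORD=admin
SUPERUSER_API_TOKEN="0123456789abcdef0123456789abcdef01234567"
"""

def parse_env(text):
    """Parse KEY=VALUE lines; skip comments and blanks; strip matching quotes."""
    values = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # a commented-out assignment does not set the variable
        m = _LINE.match(line)
        if not m:
            continue
        key, val = m.groups()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "'\"":
            val = val[1:-1]
        values[key] = val
    return values

def audit(text):
    """Return findings for one env file's contents (empty list = nothing flagged)."""
    env = parse_env(text)
    findings = []
    token = env.get(TOKEN_VAR)
    if not token:
        findings.append("token-unset")  # check what the image falls back to
    elif token == DEFAULT_TOKEN:
        findings.append("token-default")
    password = env.get(PASSWORD_VAR)
    if password and password == env.get(NAME_VAR):
        findings.append("password-equals-username")  # heuristic, see lead-in
    return findings

def new_token():
    """Random 40-hex-character value, the same shape as the default token."""
    return secrets.token_hex(20)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An env file that passes this check says nothing about a running instance: a token already stored in the NetBox database stays valid until it is deleted or rotated there.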

Exploit

Fix

Weakness Enumeration: Using Hardcoded Credentials

Related Identifiers: CVE-2023-27573

Affected Products: Netbox-Docker