Vulnerability Description
i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| I-Doit | I-Doit | <= 25 |
Related Weaknesses (CWE)
References
- https://github.com/leekenghwa/CVE-2023-37755---Hardcoded-Admin-Credential-in-i-dExploitThird Party Advisory
- https://medium.com/%40ray.999/d7a54030e055
- https://medium.com/%40ray.999/i-doit-v25-and-below-incorrect-access-control-issu
- https://github.com/leekenghwa/CVE-2023-37755---Hardcoded-Admin-Credential-in-i-dExploitThird Party Advisory
- https://medium.com/%40ray.999/d7a54030e055
- https://medium.com/%40ray.999/i-doit-v25-and-below-incorrect-access-control-issu
FAQ
What is CVE-2023-37755?
CVE-2023-37755 is a vulnerability with a CVSS score of 9.8 (CRITICAL). i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and a...
How severe is CVE-2023-37755?
CVE-2023-37755 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-37755?
Check the references section above for vendor advisories and patch information. Affected products include: I-Doit I-Doit.