CVE-2023-33277

7.5 HIGH

📋 TL;DR

This vulnerability allows remote attackers to read sensitive files on Gira KNX/IP-Router devices via directory traversal attacks in the web interface URL. Attackers can access files outside the intended directory, potentially exposing configuration files, credentials, or system information. Affected systems include Gira KNX/IP-Router versions 3.1.3683.0 and 3.3.8.0.

💻 Affected Systems

Products:
  • Gira Giersiepen Gira KNX/IP-Router
Versions: 3.1.3683.0 and 3.3.8.0
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: Affects web interface component; no special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise through credential theft from configuration files, followed by lateral movement in building automation networks.

🟠 Likely Case: Exposure of sensitive configuration data, KNX credentials, and network information that could enable further attacks.

🟢 If Mitigated: Limited to information disclosure if proper network segmentation and access controls are implemented.

🌐 Internet-Facing: HIGH - Web interface accessible remotely allows unauthenticated file reading.
🏢 Internal Only: MEDIUM - Still significant risk if attacker gains internal network access.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple directory traversal sequences in URLs; no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check with vendor for updated firmware

Vendor Advisory: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2023-015.txt

Restart Required: Yes

Instructions:

1. Contact Gira support for patched firmware.
2. Backup configuration.
3. Upload new firmware via web interface.
4. Reboot device.
5. Verify fix by testing directory traversal.

🔧 Temporary Workarounds

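Network Segmentation (platform: all)

Isolate KNX/IP-Router from untrusted networks

Access Control Lists (platform: linux)

Restrict web interface access to trusted IPs only. TRUSTED_IP is a placeholder for the permitted source address. The rules below use the INPUT chain, which filters traffic addressed to the host running iptables; on a separate Linux firewall placed in front of the router, the equivalent rules belong in the FORWARD chain.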

iptables -A INPUT -p tcp --dport 80 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j DROP
iptables -A INPUT -p tcp --dport 443 -j DROP

🧯 If You Can't Patch

  • Disable web interface if not required for operations
  • Implement strict network segmentation and firewall rules to limit access

🔍 How to Verify

Check if Vulnerable:

Attempt to access /../../etc/passwd or similar traversal patterns via web interface

Check Version:

Check firmware version in web interface under System Information

Verify Fix Applied:

Test same directory traversal attempts; should return 404 or access denied

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing ../ patterns
  • Access to unusual file paths in web logs

Network Indicators:

  • Multiple failed attempts to access sensitive file paths
  • Unusual traffic patterns to KNX router web interface

SIEM Query:

source="web_logs" AND (url="*../*" OR url="*..\\*" OR url="*%2e%2e%2f*")
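
The log indicators above, implemented as an offline check over access-log lines. This is an added example, not code from the advisory or the vendor. It assumes logs in Common Log Format and, going one step beyond the query above, percent-decodes the path repeatedly so encoded and double-encoded `..` segments are matched too; the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: Common/Combined Log Format; adjust REQUEST_RE for other formats.
REQUEST_RE = re.compile(r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# A ".." path segment delimited by "/" or "\" (or string start/end) after decoding.
DOTDOT_SEGMENT = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_traversal(target):
    """True if the request path (query string excluded) has a '..' segment after decoding."""
    path = fully_decode(target.split("?", 1)[0])
    return bool(DOTDOT_SEGMENT.search(path))


def scan(lines):
    """Return (source, raw target, status) for every request with a traversal segment."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and is_traversal(m.group("target")):
            hits.append((m.group("src"), m.group("target"), int(m.group("status"))))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2023:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jun/2023:10:00:05 +0000] "GET /../../etc/passwd HTTP/1.1" 200 1024',
    '198.51.100.7 - - [01/Jun/2023:10:00:06 +0000] "GET /%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 404 0',
    '198.51.100.7 - - [01/Jun/2023:10:00:07 +0000] "GET /%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 0',
    '192.0.2.10 - - [01/Jun/2023:10:00:09 +0000] "GET /files/report..v2.pdf HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for src, target, status in scan(SAMPLE_LOG):
        # A 200 on a traversal request suggests the read succeeded; triage those first.
        print(f"{src} {status} {target}")
```

Matching on a delimited `..` segment rather than the bare substring keeps filenames such as `report..v2.pdf` from raising alerts.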
