CVE-2023-36623

7.8 HIGH

📋 TL;DR

This vulnerability allows local attackers to calculate the root password of Loxone Miniserver Go Gen.2 devices using hard-coded secrets and the device's MAC address. This enables privilege escalation to root access. Affected users are those running vulnerable versions of this smart home server.

💻 Affected Systems

Products:
  • Loxone Miniserver Go Gen.2
Versions: All versions before 14.2
Operating Systems: Embedded Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default configuration are vulnerable. The vulnerability requires local access to the device or its network segment.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the smart home server, allowing attackers to gain persistent root access, modify device configurations, access sensitive home automation data, and potentially pivot to other network devices.

🟠

Likely Case

Local attackers with physical or network access can gain root privileges, potentially disrupting smart home operations, accessing camera feeds, or manipulating automation rules.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to the device itself, preventing lateral movement to other systems.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires local network access but no authentication. The password calculation algorithm has been publicly documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 14.2

Vendor Advisory: https://www.loxone.com/enen/kb/cve-2023-36623/

Restart Required: Yes

Instructions:

1. Log into the Loxone Config interface.
2. Navigate to System Updates.
3. Update to version 14.2 or later.
4. Reboot the device after the update completes.

🔧 Temporary Workarounds

Network Segmentation

Platform: all

Isolate the Loxone Miniserver on a separate VLAN to limit local access.

Change Root Password

Platform: linux

Manually change the root password if the device cannot be immediately updated:

ssh root@miniserver-ip
passwd

🧯 If You Can't Patch

  • Segment the device on a dedicated network VLAN with strict access controls
  • Implement network monitoring for unauthorized access attempts to the device

🔍 How to Verify

Check if Vulnerable:

Check the device version in the Loxone Config interface. If the version is below 14.2, the device is vulnerable.

Check Version:

Connect to Loxone Config interface and check System Information

Verify Fix Applied:

Verify version is 14.2 or higher in Loxone Config interface. Test that root password cannot be calculated using MAC address.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed SSH login attempts followed by successful root login
  • Unusual root access patterns

Network Indicators:

  • SSH connections to device from unexpected internal IPs
  • Port scanning activity targeting the device

SIEM Query:

source="loxone.logs" AND ((event="ssh_login" AND user="root") OR (event="port_scan" AND target_ip="loxone_device_ip"))

(Without the outer parentheses, AND binds tighter than OR in most SIEM query languages, so the `source` filter would apply only to the first clause and the port-scan clause would match events from any source.)
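The log indicators above (a burst of failed SSH attempts followed by a successful root login, and root logins from unexpected internal IPs) can also be checked offline over exported logs. The following is an added example, not code from the advisory or from Loxone; it assumes OpenSSH-style auth-log lines (the Miniserver's real log format is not documented here), uses constructed sample lines, and takes the set of trusted admin IPs as a parameter.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in OpenSSH auth-log style (hypothetical format).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for root from 192.168.1.50 port 51000 ssh2
2024-05-01T10:00:03 sshd[102]: Failed password for root from 192.168.1.50 port 51001 ssh2
2024-05-01T10:00:05 sshd[103]: Failed password for root from 192.168.1.50 port 51002 ssh2
2024-05-01T10:00:09 sshd[104]: Accepted password for root from 192.168.1.50 port 51003 ssh2
2024-05-01T11:30:00 sshd[120]: Accepted password for root from 192.168.1.10 port 40000 ssh2
2024-05-01T12:00:00 sshd[130]: Failed password for root from 192.168.1.77 port 42000 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<ip>\S+)"
)


def parse(log_text):
    """Return (timestamp, result, user, ip) tuples for lines that match the assumed format."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]))
    return events


def find_suspicious_root_logins(log_text, trusted_ips=frozenset(), min_failures=3, window_s=300):
    """Flag a successful root login preceded by >= min_failures failed root attempts
    from the same IP within window_s seconds, and any root login from an IP that is
    not in trusted_ips. Returns (reason, ip, recent_failure_count) tuples."""
    failures = defaultdict(list)  # ip -> timestamps of failed root attempts
    alerts = []
    for ts, result, user, ip in parse(log_text):
        if user != "root":
            continue
        if result == "Failed":
            failures[ip].append(ts)
            continue
        recent = [t for t in failures[ip] if 0 <= (ts - t).total_seconds() <= window_s]
        if len(recent) >= min_failures:
            alerts.append(("brute_force_then_success", ip, len(recent)))
        elif ip not in trusted_ips:
            alerts.append(("root_login_untrusted_ip", ip, 0))
    return alerts
```

Running it on the sample with `trusted_ips={"192.168.1.10"}` flags only 192.168.1.50 (three failures, then success), while the 192.168.1.77 failures alone produce no alert.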

🔗 References
