CVE-2023-37607

7.5 HIGH

📋 TL;DR

This directory traversal vulnerability in Automatic Systems SOC FL9600 FirstLane allows remote attackers to read sensitive files on the system by manipulating the 'dir' parameter in csvServer.php requests. It affects organizations using vulnerable versions of this telecommunications equipment. Attackers can exploit this without authentication to access configuration files, credentials, or other sensitive data.

💻 Affected Systems

Products:
  • Automatic Systems SOC FL9600 FirstLane
Versions: V06 lego_T04E00
Operating Systems: Embedded/Proprietary
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the web interface component of the telecommunications equipment. No special configuration required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through credential theft from configuration files, leading to unauthorized access, data exfiltration, or lateral movement within the network.

🟠 Likely Case

Sensitive information disclosure including configuration details, credentials, or system files that could enable further attacks.

🟢 If Mitigated

Limited impact with proper network segmentation and access controls preventing external exploitation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP request manipulation required. Public proof-of-concept available in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.automatic-systems.com/range/

Restart Required: No

Instructions:

Contact vendor for patch information. No official patch details available at this time.

🔧 Temporary Workarounds

Web Application Firewall Rule (platform: all)

Block requests containing directory traversal sequences in the dir parameter.

WAF specific: configure a rule that rejects requests to csvServer.php whose file= parameter contains '..'. Match on the URL-decoded value so that percent-encoded variants of the sequence are caught as well.

Network Access Control (platform: linux)

Restrict access to the web interface to trusted networks only. The firewalld rule below is applied on a Linux host in front of the device (the device itself runs embedded firmware); it only has a restricting effect if port 80/tcp is not otherwise accepted in the zone.

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_NETWORK" port port="80" protocol="tcp" accept'
firewall-cmd --reload

🧯 If You Can't Patch

  • Isolate the device on a separate VLAN with strict access controls
  • Implement network monitoring for directory traversal attempts to csvServer.php

🔍 How to Verify

Check if Vulnerable:

Test with curl: curl -v 'http://target/csvServer.php?file=../../../../etc/passwd' and check for file contents in response

Check Version:

Check web interface or device management console for version information

Verify Fix Applied:

Attempt the same test after mitigation; the response should be an error or contain no file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests to csvServer.php with '..' sequences in parameters
  • Unusual file access patterns from web server process

Network Indicators:

  • HTTP GET requests containing '../' patterns
  • Traffic to csvServer.php endpoint from unexpected sources

SIEM Query:

source="web_logs" AND uri="*csvServer.php*" AND (param="*..*" OR param="*../*")
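The SIEM query above matches the literal '..' string, which misses percent-encoded and double-encoded forms. The following added example (not part of this advisory or the vendor's code) implements the same detection over constructed access-log lines in Python: it restricts matching to csvServer.php, URL-decodes every query parameter repeatedly, flags a '..' path segment, and records whether the server answered 200 (the case where a file may actually have been served). The `is_traversal` helper is also the predicate the WAF workaround in the previous section would apply to the file (or dir) parameter. Log lines, addresses and timestamps are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample web-server access log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Jul/2023:12:00:01 +0000] "GET /csvServer.php?file=report.csv HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jul/2023:12:00:02 +0000] "GET /csvServer.php?file=../../../../etc/passwd HTTP/1.1" 200 1800 "-" "curl/8.0"
203.0.113.7 - - [10/Jul/2023:12:00:03 +0000] "GET /csvServer.php?dir=..%2F..%2F..%2Fetc%2Fshadow HTTP/1.1" 200 900 "-" "curl/8.0"
203.0.113.7 - - [10/Jul/2023:12:00:04 +0000] "GET /csvServer.php?file=%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 200 900 "-" "python-requests/2.31"
10.0.0.9 - - [10/Jul/2023:12:00:05 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 404 200 "-" "Mozilla/5.0"
"""

# Fields of a combined-format log line that the detector needs.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)
# A ".." path segment bounded by a slash or backslash (covers ../, ..\, /.. and a bare "..").
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded %252e%252e collapses to '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if a (possibly encoded) parameter value contains a '..' path segment."""
    return bool(TRAVERSAL_RE.search(fully_decode(value)))


def detect_traversal(log_text, endpoint="csvServer.php"):
    """Return one hit per request to `endpoint` whose query parameters contain traversal."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        parts = urlsplit(m.group("uri"))
        if not parts.path.endswith(endpoint):
            continue  # only the vulnerable script is in scope for this rule
        # parse_qsl decodes one layer; fully_decode handles double encoding.
        for name, raw in parse_qsl(parts.query, keep_blank_values=True):
            if is_traversal(raw):
                hits.append({
                    "src": m.group("src"),
                    "ts": m.group("ts"),
                    "param": name,
                    "decoded": fully_decode(raw),
                    "status": int(m.group("status")),
                    # A 200 means the server may actually have served the file.
                    "served": m.group("status") == "200",
                })
    return hits


def count_by_source(hits):
    """Aggregate hits per source address, the figure an analyst would alert on."""
    counts = {}
    for h in hits:
        counts[h["src"]] = counts.get(h["src"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = detect_traversal(SAMPLE_LOG)
    for h in hits:
        print(f'{h["ts"]} {h["src"]} param={h["param"]} -> {h["decoded"]} (status {h["status"]})')
    print(count_by_source(hits))
```

Run against the embedded sample, the detector reports the three csvServer.php requests from 203.0.113.7 (including the encoded and double-encoded ones) and ignores both the legitimate report.csv download and the traversal attempt against a different script, which a broader rule could cover separately. Alerting on hits with `served` set, or on a per-source count above a threshold, keeps noise from scanners low while still surfacing successful reads.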
