CVE-2023-37608

7.5 HIGH

📋 TL;DR

CVE-2023-37608 is a hardcoded credential vulnerability in Automatic Systems SOC FL9600 FirstLane devices that allows remote attackers to gain super admin access using the default password 'astech'. This affects organizations using these physical security/access control systems with vulnerable firmware versions.

💻 Affected Systems

Products:
  • Automatic Systems SOC FL9600 FirstLane
Versions: V06 lego_T04E00
Operating Systems: Embedded system firmware
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability exists in the default configuration with the hardcoded 'automaticsystems' super admin account.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of physical security systems, unauthorized access to facilities, manipulation of access logs, and potential physical security breaches.

🟠 Likely Case

Unauthorized access to the SOC FL9600 management interface, viewing of sensitive access control data, and potential manipulation of door access permissions.

🟢 If Mitigated

Impact is limited to failed login attempts if proper network segmentation and authentication controls are implemented.

🌐 Internet-Facing: HIGH - These devices are often exposed to networks with internet connectivity for remote management.
🏢 Internal Only: HIGH - Even internally, the hardcoded credentials allow easy privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only knowledge of the hardcoded credentials and network access to the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No public vendor advisory found

Restart Required: No

Instructions:

No official patch available. Contact Automatic Systems support for firmware updates or guidance.

🔧 Temporary Workarounds

Change Default Credentials

all

Immediately change the password for the 'automaticsystems' super admin account to a strong, unique password.

Use device web interface: Login > Administration > Users > Change password for 'automaticsystems' account

Network Segmentation

all

Isolate SOC FL9600 devices on a dedicated VLAN with strict firewall rules limiting access to authorized management stations only.

🧯 If You Can't Patch

  • Implement strict network access controls to limit device exposure
  • Monitor authentication logs for attempts using the 'automaticsystems' account

🔍 How to Verify

Check if Vulnerable:

Attempt to authenticate to the SOC FL9600 web interface using username 'automaticsystems' and password 'astech'.

Check Version:

Check firmware version in web interface: System > Information > Firmware Version

Verify Fix Applied:

Verify that the 'automaticsystems' account password has been changed by attempting to log in with the old credentials (the attempt should fail).

📡 Detection & Monitoring

Log Indicators:

  • Successful authentication with 'automaticsystems' account
  • Multiple failed login attempts followed by success

Network Indicators:

  • Unusual authentication traffic to SOC FL9600 management ports
  • Traffic from unexpected source IPs to device

SIEM Query:

source="soc-fl9600-logs" AND (event_type="authentication" AND (username="automaticsystems" OR status="success"))
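
The two log indicators listed above, implemented as an added example (not code from the vendor or from the original page) for sites that export authentication events to plain text. The log line format, field names, threshold and time window are assumptions constructed for illustration; the device's real log format is not documented on this page.

```python
import re
from collections import defaultdict, deque

# Assumed, constructed line format: "<epoch> auth user=<name> src=<ip> status=<success|failure>"
LINE_RE = re.compile(r"^(\d+) auth user=(\S+) src=(\S+) status=(success|failure)$")
WATCHED_ACCOUNT = "automaticsystems"  # super admin account named in the advisory
FAIL_THRESHOLD = 3                    # assumed tuning value
WINDOW_SECONDS = 300                  # assumed tuning value


def detect(lines):
    """Return (epoch, rule, user, src) alerts for the two log indicators."""
    alerts = []
    failures = defaultdict(deque)  # (user, src) -> timestamps of recent failures
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not an authentication event in the assumed format
        ts, user, src, status = int(m.group(1)), m.group(2), m.group(3), m.group(4)
        recent = failures[(user, src)]
        # Drop failures that fell out of the sliding window.
        while recent and ts - recent[0] > WINDOW_SECONDS:
            recent.popleft()
        if status == "failure":
            recent.append(ts)
            continue
        # Indicator 1: successful authentication with the watched account.
        if user == WATCHED_ACCOUNT:
            alerts.append((ts, "watched-account-success", user, src))
        # Indicator 2: multiple failed logins followed by a success.
        if len(recent) >= FAIL_THRESHOLD:
            alerts.append((ts, "failures-then-success", user, src))
        recent.clear()
    return alerts


# Constructed sample events, not captured from a real device.
SAMPLE_LOG = """\
1700000000 auth user=operator1 src=10.20.0.15 status=success
1700000100 auth user=automaticsystems src=10.20.0.99 status=failure
1700000110 auth user=automaticsystems src=10.20.0.99 status=failure
1700000120 auth user=automaticsystems src=10.20.0.99 status=failure
1700000130 auth user=automaticsystems src=10.20.0.99 status=success
1700000900 auth user=operator2 src=10.20.0.16 status=failure
1700001500 auth user=operator2 src=10.20.0.16 status=success
""".splitlines()

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Once the account password has been changed, any "watched-account-success" alert from a source other than an authorized management station warrants review.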
