Login Sign Up

CVE-2023-39171

7.2 HIGH
Authentication Bypass

📋 TL;DR

SENEC Storage Box V1, V2, and V3 devices expose a management interface with publicly known default admin credentials, allowing unauthorized access. This affects all users of these devices with internet-facing or network-accessible interfaces.

💻 Affected Systems

Products:
  • SENEC Storage Box
Versions: V1, V2, V3
Operating Systems: Embedded Linux-based firmware
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with default admin credentials are vulnerable. Devices with changed credentials are not affected.

📦 What is this software?

Senec Storage Box Firmware by Enbw

View all CVEs affecting Senec Storage Box Firmware →

Senec Storage Box Firmware by Enbw

View all CVEs affecting Senec Storage Box Firmware →

Senec Storage Box Firmware by Enbw

View all CVEs affecting Senec Storage Box Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full compromise of the storage system allowing data theft, ransomware deployment, or use as an attack pivot point into connected networks.

🟠

Likely Case

Unauthorized access to management interface leading to configuration changes, data access, or device disruption.

🟢

If Mitigated

Limited impact if device is isolated behind firewalls with no external access and credentials have been changed.

🌐 Internet-Facing: HIGH - Devices exposed to the internet can be easily discovered and exploited using known credentials.
🏢 Internal Only: MEDIUM - Internal attackers or compromised systems could still exploit this if credentials haven't been changed.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires only knowledge of default credentials and network access to the management interface.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://seclists.org/fulldisclosure/2023/Nov/2

Restart Required: No

Instructions:

1. Access the management interface
2. Navigate to user/administration settings
3. Change the default admin password to a strong, unique password
4. Consider disabling remote management if not required

🔧 Temporary Workarounds

Network Isolation

linux

Restrict network access to the management interface using firewall rules

iptables -A INPUT -p tcp --dport [management_port] -s [trusted_network] -j ACCEPT
iptables -A INPUT -p tcp --dport [management_port] -j DROP

Credential Change

all

Change default admin credentials immediately

🧯 If You Can't Patch

  • Isolate the device on a separate VLAN with strict access controls
  • Implement network monitoring for unauthorized access attempts to the management interface

🔍 How to Verify

Check if Vulnerable:

Attempt to access the management interface using default credentials (check vendor documentation for defaults)

Check Version:

Check device web interface or serial console for firmware version information

Verify Fix Applied:

Verify that default credentials no longer work and only new credentials provide access

📡 Detection & Monitoring

Log Indicators:

  • Failed login attempts followed by successful login with default credentials
  • Configuration changes from unexpected IP addresses

Network Indicators:

  • Unauthorized access to management port (typically 80/443)
  • Traffic patterns indicating configuration changes

SIEM Query:

source_ip=* AND destination_port=80 OR destination_port=443 AND user_agent contains 'admin' AND event_type='authentication_success'

📊 Metadata

CVE ID: CVE-2023-39171
CVSS v3 Score: 7.2 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-668
Published: December 7, 2023
Last Updated: November 4, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-39171, you might also want to check these:

CVE-2025-15114 9.8

This critical vulnerability in Ksenia Security Lares 4.0 Home Automation version 1.6 exposes the ala...

Same vulnerability type (CWE-668)
CVE-2021-27236 9.8

This vulnerability in Mutare Voice (EVM) allows unauthenticated attackers to include local files via...

Same vulnerability type (CWE-668)
CVE-2022-24074 9.8

CVE-2022-24074 is a critical vulnerability in Whale Browser's default Whale Bridge extension that al...

Same vulnerability type (CWE-668)