CVE-2023-23333

CRITICAL EXPLOITED IN THE WILD NUCLEI

SolarView Compact Firmware <= 6.00 - Remote Command Execution via downloader.php

Title source: llm

Exploitation Summary

CVE-2023-23333 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). EIP tracks 5 public exploits from researchers including ByteHunter, Mr-xn, Timorlover, including a Metasploit module exploits/linux/http/solarview_unauth_rce_cve_2023_23333. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a command injection vulnerability in SolarView Compact 6.00 via the 'file' parameter in downloader.php. It executes a base64-encoded command to read /etc/passwd, confirming RCE if 'root' is found in the output.

Description

There is a command injection vulnerability in SolarView Compact through 6.00, attackers can execute commands by bypassing internal restrictions through downloader.php.

Exploits (5)

exploitdb WORKING POC

by ByteHunter · pythonremotehardware

https://www.exploit-db.com/exploits/51886

View Code ZIP pw:eip

This exploit demonstrates a command injection vulnerability in SolarView Compact 6.00 via the 'file' parameter in downloader.php. It executes a base64-encoded command to read /etc/passwd, confirming RCE if 'root' is found in the output.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SolarView Compact 6.00

No auth needed

Prerequisites: Network access to the target device · SolarView Compact 6.00 with exposed downloader.php

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 14 stars

by Mr-xn · remote

https://github.com/Mr-xn/CVE-2023-23333

View Code ZIP pw:eip

This repository contains a functional Nuclei template for CVE-2023-23333, which exploits an OS command injection vulnerability in SolarView Compact 6.00 via the downloader.php endpoint. The template sends a crafted HTTP request with a command injection payload and checks for execution by matching the output of the 'id' command.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SolarView Compact 6.00

No auth needed

Prerequisites: Network access to the target SolarView Compact instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 8 stars

by Timorlover · remote

https://github.com/Timorlover/CVE-2023-23333

View Code ZIP pw:eip

The repository contains a functional command injection exploit for CVE-2023-23333 in SolarView Compact <=6.00. The PoC leverages the `downloader.php` file parameter to bypass restrictions and execute arbitrary commands via a base64-encoded payload.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: SolarView Compact <=6.00

No auth needed

Prerequisites: Network access to the target's `downloader.php` endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec SUSPICIOUS 2 stars

by emanueldosreis · remote

https://github.com/emanueldosreis/nmap-CVE-2023-23333-exploit

View Code ZIP pw:eip

The repository claims to provide an Nmap NSE script for exploiting CVE-2023-23333 but lacks actual code or technical details. It references an unrelated CVE (CVE-2022-29303) and provides no exploit logic, only generic usage instructions.

Classification

Suspicious 90%

Attack Type

Info Leak

Complexity

Theoretical

Reliability

Theoretical

Target: SolarWinds (version unspecified)

No auth needed

Prerequisites: none specified

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypocphp

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/solarview_unauth_rce_cve_2023_23333.rb

View Code ZIP pw:eip

This Metasploit module exploits a command injection vulnerability in SolarView Compact v6.00 via the `downloader.php` endpoint, allowing unauthenticated remote code execution. It supports multiple payload types, including PHP, Unix commands, and Linux droppers, with techniques to hide payloads in PNG files.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: SolarView Compact v6.00

No auth needed

Prerequisites: Network access to the target's web interface · Target running SolarView Compact v6.00

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

SolarView Compact 6.00 - OS Command Injection

CRITICALVERIFIEDby Mr-xn

Shodan:

http.html:"SolarView Compact" || http.favicon.hash:"-244067125" || http.html:"solarview compact" || cpe:"cpe:2.3:o:contec:solarview_compact_firmware"

FOFA:

body="SolarView Compact" && title="Top" || body="solarview compact" && title="top" || icon_hash="-244067125" || body="solarview compact"

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/Timorlover/CVE-2023-23333

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/174537/SolarView-Compact-6.00-Remote-Command-Execution.html

Scores

CVSS v3 9.8

EPSS 0.9422

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

VulnCheck KEV 2023-07-05

InTheWild.io 2024-09-18

CWE

CWE-77

Status published

Products (1)

contec/solarview_compact_firmware < 6.00

Published Feb 06, 2023

Tracked Since Feb 18, 2026