{"api_version":"1","generated_at":"2026-05-31T19:17:08+00:00","cve":"CVE-2023-37755","urls":{"html":"https://cve.report/CVE-2023-37755","api":"https://cve.report/api/cve/CVE-2023-37755.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-37755","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-37755"},"summary":{"title":"CVE-2023-37755","description":"i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-09-14 20:15:00","updated_at":"2023-11-07 04:17:00"},"problem_types":["CWE-798"],"metrics":[],"references":[{"url":"https://medium.com/@ray.999/i-doit-v25-and-below-incorrect-access-control-issue-cve-2023-37755-d7a54030e055","name":"https://medium.com/@ray.999/i-doit-v25-and-below-incorrect-access-control-issue-cve-2023-37755-d7a54030e055","refsource":"MISC","tags":[],"title":"i-doit v25 and below incorrect access control issue, CVE-2023–37755 - Ray - Medium","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://medium.com/@ray.999/d7a54030e055","name":"https://medium.com/@ray.999/d7a54030e055","refsource":"MISC","tags":[],"title":"i-doit v25 and below incorrect access control issue, CVE-2023–37755 - Ray - Medium","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://medium.com/%40ray.999/i-doit-v25-and-below-incorrect-access-control-issue-cve-2023-37755-d7a54030e055","name":"https://medium.com/%40ray.999/i-doit-v25-and-below-incorrect-access-control-issue-cve-2023-37755-d7a54030e055","refsource":"","tags":[],"title":"i-doit v25 and below incorrect access control issue, CVE-2023–37755 - Ray - Medium","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://medium.com/%40ray.999/d7a54030e055","name":"https://medium.com/%40ray.999/d7a54030e055","refsource":"","tags":[],"title":"i-doit v25 and below incorrect access control issue, CVE-2023–37755 - Ray - Medium","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/leekenghwa/CVE-2023-37755---Hardcoded-Admin-Credential-in-i-doit-Pro-25-and-below/blob/main/README.md","name":"https://github.com/leekenghwa/CVE-2023-37755---Hardcoded-Admin-Credential-in-i-doit-Pro-25-and-below/blob/main/README.md","refsource":"MISC","tags":[],"title":"CVE-2023-37755 - Hardcoded Admin Credential in i-doit Pro 25 and below","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-37755","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-37755","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"37755","vulnerable":"1","versionEndIncluding":"25","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"i-doit","cpe5":"i-doit","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"open","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"37755","vulnerable":"1","versionEndIncluding":"25","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"i-doit","cpe5":"i-doit","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"pro","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-37755","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS)."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://github.com/leekenghwa/CVE-2023-37755---Hardcoded-Admin-Credential-in-i-doit-Pro-25-and-below/blob/main/README.md","url":"https://github.com/leekenghwa/CVE-2023-37755---Hardcoded-Admin-Credential-in-i-doit-Pro-25-and-below/blob/main/README.md"},{"refsource":"MISC","name":"https://medium.com/@ray.999/d7a54030e055","url":"https://medium.com/@ray.999/d7a54030e055"},{"refsource":"MISC","name":"https://medium.com/@ray.999/i-doit-v25-and-below-incorrect-access-control-issue-cve-2023-37755-d7a54030e055","url":"https://medium.com/@ray.999/i-doit-v25-and-below-incorrect-access-control-issue-cve-2023-37755-d7a54030e055"}]}},"nvd":{"publishedDate":"2023-09-14 20:15:00","lastModifiedDate":"2023-11-07 04:17:00","problem_types":["CWE-798"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:i-doit:i-doit:*:*:*:*:pro:*:*:*","versionEndIncluding":"25","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:i-doit:i-doit:*:*:*:*:open:*:*:*","versionEndIncluding":"25","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}