CVE-2018-19410

Published: 21/11/2018 | Updated: 03/10/2019
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector (CVSS v2): AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

PRTG Network Monitor prior to 18.2.40.1683 allows remote unauthenticated malicious users to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).

Vulnerable Product

paessler prtg network monitor

Github Repositories

CVE-2018-9276 PRTG < 18.2.39 Reverse Shell (Python3 support)

CVE-2018-9276 Authenticated Command Injection. CVE-2018-9276 PRTG < 18.2.39 Reverse Shell (Python3 support). Dependencies: Impacket (python3 version), Netcat, Msfvenom. Usage: git clone github.com/A1vinSmith/CVE-2018-9276.git ./exploit.py -i targetIP -p targetPort --lhost hostIP --lport hostPort --user user --password pass The

Proof of concept for the vulnerability CVE-2018-19410

CVE-2018-19410-POC: Proof of concept for the vulnerability CVE-2018-19410. Details: PRTG Network Monitor. Version: 18.2.39.1661 and earlier. Severity level: High. Impact: Authentication Bypass, Improper Authorization, Local File Inclusion. Access Vector: Remote. The vulnerability permits remote and unauthenticated attackers to generate users with read-write privileges, including admini