CVE-2018-25134

Sažetak

Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.

Reference

https://www.exploit-db.com/exploits/45920
https://www.synaccess-net.com
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php
https://www.exploit-db.com/exploits/45920
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php

CVSS

Base:	9.8
Impact:	5.9
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

24-12-2025 - 21:15

Objavljeno

24-12-2025 - 20:15