CVE-2018-25133

🗓️ 24 Dec 2025 19:27:44Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 8 Views🌐 WEB

Cross-site request forgery in Synaccess netBooter NP-0801DU 7.4 allows admin actions via forged requests.

Reporter	Title	Published	Views	Family All 7
CNNVD	Synaccess netBooter NP-0801DU 安全漏洞	24 Dec 202500:00	–	cnnvd
Cvelist	CVE-2018-25133 Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface	24 Dec 202519:27	–	cvelist
EUVD	EUVD-2025-205340	24 Dec 202521:30	–	euvd
NVD	CVE-2018-25133	24 Dec 202520:15	–	nvd
Positive Technologies	PT-2025-53353	24 Dec 202500:00	–	ptsecurity
Vulnrichment	CVE-2018-25133 Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface	24 Dec 202519:27	–	vulnrichment
Zero Science Lab	Synaccess netBooter NP-0801DU 7.4 CSRF Add Admin Exploit	17 Nov 201800:00	–	zeroscience

Vulners

Node

synaccess_networks netbooter_np-0801duMatch7.4

[
  {
    "vendor": "Synaccess Networks Inc.",
    "product": "netBooter NP-0801DU",
    "versions": [
      {
        "version": "7.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
exploit-db	www.exploit-db.com/exploits/45894
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5501.php
synaccess-net	www.synaccess-net.com/

Parameter	Position	Path	Description	CWE
add1	request body	10.0.0.19:8082/adm.htm	CSRF vulnerability allowing admin actions via forged requests without proper validation	CWE-352
add2	request body	10.0.0.19:8082/adm.htm	CSRF vulnerability allowing admin actions via forged requests without proper validation	CWE-352
add3	request body	10.0.0.19:8082/adm.htm	CSRF vulnerability allowing admin actions via forged requests without proper validation	CWE-352
adm0	request body	10.0.0.19:8082/adm.htm	CSRF vulnerability allowing admin actions via forged requests without proper validation	CWE-352

17 Jun 2026 01:54Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.14.3

CVSS 45.1

EPSS0.00145

SSVC

CWE-352