19 matches found
CVE-2018-25134
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative account...
CVE-2018-25133 Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated...
CVE-2018-25133 Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated...
CVE-2018-25133
CVE-2018-25133 affects Synaccess netBooter NP-0801DU 7.4. The vulnerability is a cross-site request forgery via the admin interface caused by lack of proper request validation. An attacker can lure an authenticated administrator to load a malicious page and perform unauthorized admin actions, suc...
CVE-2018-25134
CVE-2018-25134 affects Synaccess netBooter NP-02x/NP-08x (version 6.8) and is caused by an authentication bypass in the webNewAcct.cgi script. This allows unauthenticated attackers to craft POST requests that create admin user accounts, enabling unauthorized control over power‑supply management. ...
PT-2025-53354
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative account...
PT-2025-53353
Name of the Vulnerable Software and Affected Versions Synaccess netBooter NP-0801DU version 7.4 Description The software contains a cross-site request forgery condition that may allow attackers to perform administrative actions without sufficient request validation. An attacker can create malicio...
Synaccess netBooter NP-0801DU 安全漏洞
Synaccess netBooter NP-0801DU is an intelligent power controller from Synaccess, Inc. A security vulnerability exists in Synaccess netBooter NP-0801DU version 7.4, which stems from a lack of request validation and could lead to cross-site request forgery attacks...
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass Vulnerability
Exploit for cgi platform in category web applications Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver 6.10 NP-...
Synaccess netBooter NP-02xNP-08x 6.8 - Authentication Bypass
Synaccess netBooter NP-02xNP-08x 6.8 - Authentication Bypass Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver...
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver 6.10 NP-02 ver 5.53BC Summary: netBooter NP-02B and NP-02BH...
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
Title: Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery Add Admin Author: Gjoko 'LiquidWorm' Krstic @zeroscience Exploit Date: 2018-11-17 Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0801DU HW6.0 BL1.5 FW7.23 WF7.4 Tested on:...
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery Add Admin Title: Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery Add Admin Author: Gjoko 'LiquidWorm' Krstic @zeroscience Exploit Date: 2018-11-17 Vendor: Synaccess Networks Inc. Product web page:...
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass Vulnerability
Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving...
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications 0day.today 2018-12-12...
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver 6.10 NP-02 ver 5.53BC Summary: netBooter NP-02B and NP-02BH...
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery
...
Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass
Summary netBooter™ NP-02B and NP-02BH provide independent control of one or two outlets in a small, robust form factor. Manageable via TCP/IP network or direct serial connection and 1U brackets optional for mounting. Control power to your devices with the ability to fit just about anywhere...
Synaccess netBooter NP-0801DU 7.4 CSRF Add Admin Exploit
Summary netBooter™ NP-0801DU and NP-0801DUH PDUs provide secured remote power source management of 8 independent outlets. Includes true RMS AC current reading and environment temperature monitoring via TCP/IP networks or local direct connection. Description The application interface allows users ...