22 matches found
CVE-2018-25134
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative account...
CVE-2018-25133
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated...
CVE-2018-25134 Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass via webNewAcct.cgi
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative account...
CVE-2018-25133 Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated...
CVE-2018-25134 Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass via webNewAcct.cgi
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative account...
CVE-2018-25133 Synaccess netBooter NP-0801DU 7.4 Cross-Site Request Forgery via Admin Interface
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated...
CVE-2018-25133
CVE-2018-25133 affects Synaccess netBooter NP-0801DU 7.4. The vulnerability is a cross-site request forgery via the admin interface caused by lack of proper request validation. An attacker can lure an authenticated administrator to load a malicious page and perform unauthorized admin actions, suc...
CVE-2018-25134
CVE-2018-25134 affects Synaccess netBooter NP-02x/NP-08x (version 6.8) and is caused by an authentication bypass in the webNewAcct.cgi script. This allows unauthenticated attackers to craft POST requests that create admin user accounts, enabling unauthorized control over power‑supply management. ...
Synaccess netBooter NP-02x和Synaccess netBooter NP-08x 安全漏洞
The Synaccess netBooter NP-02x and Synaccess netBooter NP-08x are both products of Synaccess Corporation, U.S.A. The Synaccess netBooter NP-02x is an Intelligent Power Distribution unit.The Synaccess netBooter NP-08x is an intelligent power controller. A security vulnerability exists in Synaccess...
PT-2025-53353
Name of the Vulnerable Software and Affected Versions Synaccess netBooter NP-0801DU version 7.4 Description The software contains a cross-site request forgery condition that may allow attackers to perform administrative actions without sufficient request validation. An attacker can create malicio...
PT-2025-53354
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative account...
Synaccess netBooter NP-0801DU 安全漏洞
Synaccess netBooter NP-0801DU is an intelligent power controller from Synaccess, Inc. A security vulnerability exists in Synaccess netBooter NP-0801DU version 7.4, which stems from a lack of request validation and could lead to cross-site request forgery attacks...
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass Vulnerability
Exploit for cgi platform in category web applications Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver 6.10 NP-...
Synaccess netBooter NP-02xNP-08x 6.8 - Authentication Bypass
Synaccess netBooter NP-02xNP-08x 6.8 - Authentication Bypass Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver...
Synaccess netBooter NP-02x/NP-08x 6.8 - Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver 6.10 NP-02 ver 5.53BC Summary: netBooter NP-02B and NP-02BH...
Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery (Add Admin)
Title: Synaccess netBooter NP-0801DU 7.4 - Cross-Site Request Forgery Add Admin Author: Gjoko 'LiquidWorm' Krstic @zeroscience Exploit Date: 2018-11-17 Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0801DU HW6.0 BL1.5 FW7.23 WF7.4 Tested on:...
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass Vulnerability
Synaccess netBooter NP-02x and NP-08x version 6.8 suffer from an authentication bypass vulnerability due to a missing control check when calling the webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create an admin user account and bypass authentication giving...
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery Vulnerability
Exploit for hardware platform in category web applications 0day.today 2018-12-12...
Synaccess netBooter NP-0801DU 7.4 Cross Site Request Forgery
...
Synaccess netBooter NP-02x / NP-08x 6.8 Authentication Bypass
Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass Vendor: Synaccess Networks Inc. Product web page: https://www.synaccess-net.com Affected version: NP-0201D ver 6.8C NP-02 ver 6.5C NP-02 ver 6.4BC NP-0801D ver 6.4A NP-08 ver 6.10 NP-02 ver 5.53BC Summary: netBooter NP-02B and NP-02BH...