CVE-2014-9610

MEDIUM

Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9610. PoCs published by Anastasios Monachos.

AI-analyzed exploit summary This is a writeup describing an authentication bypass vulnerability in Netsweeper 4.0.8, allowing unauthenticated users to disable IP quarantine by accessing a specific URL path. The vulnerability was patched in subsequent versions.

Description

Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.

Exploits (1)

exploitdb WRITEUP
by Anastasios Monachos · textwebappsphp
https://www.exploit-db.com/exploits/37929

This is a writeup describing an authentication bypass vulnerability in Netsweeper 4.0.8, allowing unauthenticated users to disable IP quarantine by accessing a specific URL path. The vulnerability was patched in subsequent versions.

Classification
Writeup 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Netsweeper 4.0.8
No auth needed
Prerequisites: Network access to the target system
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/37929/

Scores

CVSS v3 5.3
EPSS 0.0373
EPSS Percentile 88.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Details

CWE
CWE-264
Status published
Products (12)
netsweeper/netsweeper 4.0.0
netsweeper/netsweeper 4.0.1
netsweeper/netsweeper 4.0.2
netsweeper/netsweeper 4.0.3
netsweeper/netsweeper 4.0.4
netsweeper/netsweeper 4.0.5
netsweeper/netsweeper 4.0.6
netsweeper/netsweeper 4.0.7
netsweeper/netsweeper 4.0.8
netsweeper/netsweeper 4.1.0
... and 2 more
Published Sep 19, 2017
Tracked Since Feb 18, 2026