CVE-2018-10201

HIGH NUCLEI

NComputing vSpace Pro <11 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10201. PoCs published by Javier Bernardo. A Nuclei detection template is also available.

AI-analyzed exploit summary This exploit demonstrates a directory traversal vulnerability in Ncomputing vSpace Pro v10 and v11, allowing remote attackers to read arbitrary files outside the web root via crafted URLs with traversal patterns. The PoC includes example URLs and an Nmap command to verify the vulnerable port.

Description

An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.

Exploits (1)

exploitdb WORKING POC

by Javier Bernardo · textwebappswindows

https://www.exploit-db.com/exploits/44497

View Code ZIP pw:eip

This exploit demonstrates a directory traversal vulnerability in Ncomputing vSpace Pro v10 and v11, allowing remote attackers to read arbitrary files outside the web root via crafted URLs with traversal patterns. The PoC includes example URLs and an Nmap command to verify the vulnerable port.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Ncomputing vSpace Pro v10 and v11

No auth needed

Prerequisites: Network access to TCP port 8667 on the target server

MITRE ATT&CK

T1006 - Direct Volume Access

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Ncomputing vSPace Pro 10 and 11 - Directory Traversal

HIGHby 0x_akoko

References (4)

Core 4

Core References

Third Party Advisory x_refsource_misc

https://www.kwell.net/kwell/index.php?option=com_newsfeeds&view=newsfeed&id=15&Itemid=173&lang=es

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44497/

Exploit, Third Party Advisory x_refsource_misc

http://www.kwell.net/kwell_blog/?p=5199

Various Sources x_refsource_confirm

https://support.ncomputing.com/portal/kb/articles/ncomputing-health-monitor-server-vulnerability-patch

Scores

CVSS v3 7.5

EPSS 0.4606

EPSS Percentile 98.7%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

ncomputing/vspace_pro 10

ncomputing/vspace_pro 11

Published Apr 20, 2018

Tracked Since Feb 18, 2026