CVE-2018-19410

CRITICAL KEV NUCLEI

PRTG Network Monitor <18.2.40.1683 - Local File Inclusion

Title source: llm

Exploitation Summary

CVE-2018-19410 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added February 4, 2025. EIP tracks 1 public exploit from researchers including himash. A Nuclei detection template is also available.

AI-analyzed exploit summary This PoC exploits an authentication bypass vulnerability in PRTG Network Monitor by manipulating the 'include' directive to execute '/api/addusers.htm', allowing unauthenticated user creation with administrative privileges.

Description

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).

Exploits (1)

nomisec WORKING POC 3 stars

by himash · remote

https://github.com/himash/CVE-2018-19410-POC

View Code ZIP pw:eip

This PoC exploits an authentication bypass vulnerability in PRTG Network Monitor by manipulating the 'include' directive to execute '/api/addusers.htm', allowing unauthenticated user creation with administrative privileges.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: PRTG Network Monitor (18.2.39.1661 and earlier)

No auth needed

Prerequisites: Network access to the target · PRTG Network Monitor instance running a vulnerable version

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

PRTG Network Monitor - Local File Inclusion

CRITICALVERIFIEDby DhiyaneshDK

Shodan: http.favicon.hash:"-655683626" || http.title:"prtg"

FOFA: icon_hash=-655683626 || title="prtg"

References (2)

Core 2

Core References

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19410

Third Party Advisory x_refsource_misc

https://www.ptsecurity.com/ww-en/analytics/threatscape/pt-2018-24/

Scores

CVSS v3 9.8

EPSS 0.8565

EPSS Percentile 99.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2025-02-04

VulnCheck KEV 2025-02-04

ENISA EUVD EUVD-2018-11103

Status published

Products (1)

paessler/prtg_network_monitor < 18.2.40.1683

Published Nov 21, 2018

KEV Added Feb 04, 2025

Tracked Since Feb 18, 2026