CVE-2018-25133

MEDIUM

Synaccess netBooter NP-0801DU 7.4 - CSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25133. PoCs published by LiquidWorm.

AI-analyzed exploit summary This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Synaccess netBooter NP-0801DU 7.4, allowing an attacker to add an admin user by tricking a logged-in user into submitting a malicious form.

Description

Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated administrators into loading a malicious page.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textwebappshardware
https://www.exploit-db.com/exploits/45894

This exploit demonstrates a Cross-Site Request Forgery (CSRF) vulnerability in Synaccess netBooter NP-0801DU 7.4, allowing an attacker to add an admin user by tricking a logged-in user into submitting a malicious form.

Classification
Working Poc 90%
Attack Type
Other
Complexity
Trivial
Reliability
Reliable
Target: Synaccess netBooter NP-0801DU (HW6.0 BL1.5 FW7.23 WF7.4)
Auth required
Prerequisites: Victim must be authenticated and visit a malicious webpage
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45894
Various Sources product
https://www.synaccess-net.com
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5501.php

Scores

CVSS v3 4.3
EPSS 0.0014
EPSS Percentile 4.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Products (1)
Synaccess Networks Inc./netBooter NP-0801DU 7.4
Published Dec 24, 2025
Tracked Since Feb 18, 2026