CVE-2018-25134

CRITICAL

Synaccess netBooter NP-02x/NP-08x 6.8 - Auth Bypass

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25134. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates an authentication bypass vulnerability in Synaccess netBooter devices by leveraging a missing control check in the webNewAcct.cgi script, allowing unauthenticated creation of an admin user account.

Description

Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.

Exploits (1)

exploitdb WORKING POC
by LiquidWorm · textwebappscgi
https://www.exploit-db.com/exploits/45920

The exploit demonstrates an authentication bypass vulnerability in Synaccess netBooter devices by leveraging a missing control check in the webNewAcct.cgi script, allowing unauthenticated creation of an admin user account.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Synaccess netBooter NP-02x/NP-08x (versions 6.8C, 6.5C, 6.4BC, 6.4A, 6.10, 5.53BC)
No auth needed
Prerequisites: Network access to the target device · Knowledge of the target IP address
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/45920
Various Sources product
https://www.synaccess-net.com
Third Party Advisory third-party-advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php

Scores

CVSS v3 9.8
EPSS 0.0057
EPSS Percentile 42.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact total

Details

CWE
CWE-306
Status published
Products (6)
Synaccess Networks Inc./netBooter NP-02x/NP-08x 5.53BC
Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.10
Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.4A
Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.4BC
Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.5C
Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.8C
Published Dec 24, 2025
Tracked Since Feb 18, 2026