CVE-2018-25134

CRITICAL

Synaccess netBooter NP-02x/NP-08x 6.8 - Auth Bypass

Title source: llm

Description

Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappscgi

https://www.exploit-db.com/exploits/45920

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.synaccess-net.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45920

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php

Scores

CVSS v3 9.8

EPSS 0.0035

EPSS Percentile 57.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-306

Status draft

Timeline

Published Dec 24, 2025

Tracked Since Feb 18, 2026