CVE-2018-25134

CRITICAL

Synaccess netBooter NP-02x/NP-08x 6.8 - Auth Bypass

Title source: llm

Description

Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappscgi

https://www.exploit-db.com/exploits/45920

View Code ZIP pw:eip

References (3)

[Various Sources] https://www.synaccess-net.com

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/45920

[Third Party Advisory] https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php

Scores

CVSS v3 9.8

EPSS 0.0041

EPSS Percentile 61.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-306

Status published

Products (6)

Synaccess Networks Inc./netBooter NP-02x/NP-08x 5.53BC

Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.10

Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.4A

Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.4BC

Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.5C

Synaccess Networks Inc./netBooter NP-02x/NP-08x 6.8C

Published Dec 24, 2025

Tracked Since Feb 18, 2026