CVE-2018-25333

HIGH

Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-25333. PoCs published by t4rkd3vilz.

AI-analyzed exploit summary: This is a functional SQL injection exploit targeting Nordex N149/4.0-4.5 Wind Turbine Web Server. The PoC demonstrates a time-based blind SQL injection via the login parameter, leveraging error-based techniques to trigger duplicate key errors and extract data.

Description

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloads in the login field to extract sensitive database information and bypass authentication mechanisms.

Exploits (1)

exploitdb WORKING POC
by t4rkd3vilz · text · webapps · hardware
https://www.exploit-db.com/exploits/44684


Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Moderate
Reliability: Reliable
Target: Nordex N149/4.0-4.5 Wind Turbine Web Server
Authentication: No auth needed
Prerequisites: network access to the target web server
devstral-2 · analyzed May 17, 2026

References (3)

Core References
Exploit: ExploitDB-44684
https://www.exploit-db.com/exploits/44684
Product: Official Product Homepage
http://www.nordex-online.com
Third Party Advisory: VulnCheck Advisory: Nordex N149/4.0-4.5 Wind Turbine Web Server SQL Injection
https://www.vulncheck.com/advisories/nordex-n149-wind-turbine-web-server-sql-injection

Scores

CVSS v3 8.2
EPSS 0.0034
EPSS Percentile 26.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
nordex-online/N149 Wind Turbine Web Server 4.0 - 4.5 (2 CPE variants)
Published May 17, 2026
Tracked Since May 17, 2026