CVE-2018-6941

HIGH

nat32 v2.2 Build 22284 - Cross-Site Request Forgery via /shell?cmd= Endpoint

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-6941. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This exploit leverages a CSRF vulnerability in NAT32's HTTPD component to execute arbitrary system commands via a crafted URL. The PoC demonstrates adding a user through a malicious link, requiring an authenticated user to click it.

Description

A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.

Exploits (1)

exploitdb WORKING POC
by hyp3rlinx · text · webapps · windows
https://www.exploit-db.com/exploits/44034

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: NAT32 v2.2 Build 22284
Auth required
Prerequisites: Authenticated NAT32 user session · User interaction (clicking a malicious link)
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44034/

Scores

CVSS v3 8.8
EPSS 0.0362
EPSS Percentile 88.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352
Status: published
Products (1): nat32/nat32 2.2
Published: Feb 20, 2018
Tracked Since: Feb 18, 2026