CVE-2018-6941

HIGH

Nat32 - CSRF

Title source: rule

Description

A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.

Exploits (1)

exploitdb WORKING POC
by hyp3rlinx · text · webapps · windows
https://www.exploit-db.com/exploits/44034

Scores

CVSS v3 8.8
EPSS 0.0255
EPSS Percentile 85.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE
CWE-352
Status published

Affected Products (1)

nat32/nat32

Timeline

Published Feb 20, 2018
Tracked Since Feb 18, 2026