CVE-2020-37118

LOW

P5 FNIP-8x16A FNIP-4xSH 1.0.20 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37118. PoCs published by LiquidWorm.

AI-analyzed exploit summary The exploit demonstrates a CSRF vulnerability in P5 FNIP-8x16A/FNIP-4xSH 1.0.20/1.0.11, allowing an attacker to add an admin user or change the admin password via crafted HTTP POST requests. It also includes an XSS payload to execute arbitrary JavaScript in the context of the affected site.

Description

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.

Exploits (1)

exploitdb WORKING POC

by LiquidWorm · textwebappshardware

https://www.exploit-db.com/exploits/48362

View Code ZIP pw:eip

The exploit demonstrates a CSRF vulnerability in P5 FNIP-8x16A/FNIP-4xSH 1.0.20/1.0.11, allowing an attacker to add an admin user or change the admin password via crafted HTTP POST requests. It also includes an XSS payload to execute arbitrary JavaScript in the context of the affected site.

Classification

Working Poc 95%

Attack Type

Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: P5 FNIP-8x16A/FNIP-4xSH 1.0.20, 1.0.11

No auth needed

Prerequisites: Victim must visit a malicious webpage while authenticated to the target device

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (6)

Core 6

Core References

Third Party Advisory technical-description exploit

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/48362

Various Sources exploit

https://packetstorm.news/files/id/157318

Third Party Advisory, VDB Entry third-party-advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/180253

Various Sources product

https://www.p5.hu/

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/p-fnip-xa-fnip-xsh-cross-site-request-forgery-add-admin

Scores

CVSS v3 3.5

EPSS 0.0014

EPSS Percentile 3.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

P5/FNIP-8x16A 1.0.20

Published Feb 05, 2026

Tracked Since Feb 18, 2026