CVE-2023-32781

HIGH

Paessler PRTG Network Monitor < 23.3.86.1520 - Authenticated Command Injection

Title source: manual
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-32781. Includes Metasploit module exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.

AI-analyzed exploit summary This Metasploit module exploits an authenticated RCE vulnerability in Paessler PRTG by creating a malicious HL7 sensor to write and execute a .bat file on the target system. It includes authentication, CSRF token handling, and cleanup of created sensors.

Description

A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions could abuse the debug option to write new files that could potentially get executed by the EXE/Script sensor. The severity of this vulnerability is high and received a score of 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploits (1)

metasploit WORKING POC EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/http/prtg_authenticated_rce_cve_2023_32781.rb

This Metasploit module exploits an authenticated RCE vulnerability in Paessler PRTG by creating a malicious HL7 sensor to write and execute a .bat file on the target system. It includes authentication, CSRF token handling, and cleanup of created sensors.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Paessler PRTG
Auth required
Prerequisites: Valid PRTG credentials · Network access to PRTG web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Scores

CVSS v3 7.2
EPSS 0.1234
EPSS Percentile 95.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-77
Status published
Products (1)
paessler/prtg_network_monitor < 23.3.86.1520
Published Aug 09, 2023
Tracked Since Feb 18, 2026