CVE-2018-25133
CSRF Vulnerability in Synaccess netBooter Allows Admin Account Creation
Publication date: 2025-12-24
Last updated on: 2025-12-24
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| synaccess | netbooter_np-0801duh | 7.4 |
| synaccess | netbooter_np-0801du | 7.4 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) in Synaccess netBooter NP-0801DU version 7.4. It allows attackers to perform administrative actions without proper request validation by tricking authenticated administrators into loading a malicious web page. The attacker can craft hidden form submissions that add new admin users silently by exploiting the device's failure to validate HTTP requests properly. [1, 2]
How can this vulnerability impact me? :
The vulnerability can allow an attacker to add unauthorized administrative users to the device remotely if an authenticated administrator visits a malicious website. This can lead to unauthorized control over the device's power distribution functions, potentially disrupting operations or compromising network infrastructure managed by the device. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for unauthorized HTTP POST requests to the device's administration page (e.g., http://<device-ip>:8082/adm.htm) that contain form fields attempting to add new administrative users. Network traffic analysis tools can be used to inspect such requests. Additionally, checking the device's admin user list for unexpected new users may indicate exploitation. Specific commands are not provided in the resources, but using tools like curl or browser developer tools to inspect POST requests to the admin interface can help detect suspicious activity. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the device's web administration interface to trusted networks or IP addresses, ensuring that administrators do not visit untrusted or malicious websites while logged into the device, and monitoring for unauthorized administrative changes. Since the device does not validate request authenticity, applying network-level protections such as firewall rules or VPN access can reduce exposure. No vendor patch or update information is provided, so these steps are critical to reduce risk. [1, 2]