CVE-2018-25133
Unknown Unknown - Not Provided
CSRF Vulnerability in Synaccess netBooter Allows Admin Account Creation

Publication date: 2025-12-24

Last updated on: 2025-12-24

Assigner: VulnCheck

Description
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated administrators into loading a malicious page.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-24
Last Modified
2025-12-24
Generated
2026-06-16
AI Q&A
2025-12-24
EPSS Evaluated
2026-06-14
NVD
CVE-2018-25133
EUVD
EUVD-2025-205340
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
synaccess netbooter_np-0801duh 7.4
synaccess netbooter_np-0801du 7.4
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) in Synaccess netBooter NP-0801DU version 7.4. It allows attackers to perform administrative actions without proper request validation by tricking authenticated administrators into loading a malicious web page. The attacker can craft hidden form submissions that add new admin users silently by exploiting the device's failure to validate HTTP requests properly. [1, 2]

Impact Analysis

The vulnerability can allow an attacker to add unauthorized administrative users to the device remotely if an authenticated administrator visits a malicious website. This can lead to unauthorized control over the device's power distribution functions, potentially disrupting operations or compromising network infrastructure managed by the device. [1, 2]

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized HTTP POST requests to the device's administration page (e.g., http://<device-ip>:8082/adm.htm) that contain form fields attempting to add new administrative users. Network traffic analysis tools can be used to inspect such requests. Additionally, checking the device's admin user list for unexpected new users may indicate exploitation. Specific commands are not provided in the resources, but using tools like curl or browser developer tools to inspect POST requests to the admin interface can help detect suspicious activity. [1, 2]

Mitigation Strategies

Immediate mitigation steps include restricting access to the device's web administration interface to trusted networks or IP addresses, ensuring that administrators do not visit untrusted or malicious websites while logged into the device, and monitoring for unauthorized administrative changes. Since the device does not validate request authenticity, applying network-level protections such as firewall rules or VPN access can reduce exposure. No vendor patch or update information is provided, so these steps are critical to reduce risk. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2018-25133. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart