← Back to CVEs
CVE-2018-25134
CRITICAL9.8
Description
Synaccess netBooter NP-02x/NP-08x 6.8 contains an authentication bypass vulnerability in the webNewAcct.cgi script that allows unauthenticated attackers to create admin user accounts. Attackers can exploit the missing control check by sending crafted POST requests to create administrative accounts and gain unauthorized control over power supply management.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published12/24/2025
Last Modified12/29/2025
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-306
References
https://www.exploit-db.com/exploits/45920(disclosure@vulncheck.com)
https://www.synaccess-net.com(disclosure@vulncheck.com)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/45920(134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5500.php(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.