← Back to CVEs
CVE-2018-9276
HIGHCISA KEV7.2
Description
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
CVE Details
CVSS v3.1 Score7.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredHIGH
User InteractionNONE
Published7/2/2018
Last Modified11/6/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorPaessler
ProductPRTG Network Monitor
Vulnerability NamePaessler PRTG Network Monitor OS Command Injection Vulnerability
KEV Date Added2025-02-04
Remediation Due Date2025-02-25
Ransomware UseUnknown
Affected Products
paessler:prtg_network_monitor
Weaknesses (CWE)
CWE-78CWE-78
References
http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html(cve@mitre.org)
http://www.securityfocus.com/archive/1/542103/100/0/threaded(cve@mitre.org)
https://www.exploit-db.com/exploits/46527/(cve@mitre.org)
http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/542103/100/0/threaded(af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/46527/(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-9276(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.