CyberSec.Space Logo
Back to CVE Browser

CVE-2018-9276

Known Exploited (CISA KEV)HIGH
7.2
CVSS Severity Score
EPSS Score89.0590%
EPSS Percentile96.43th
PublishedJul 2, 2018
Last ModifiedNov 6, 2025

Vulnerability Description

An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.

Affected Platforms (CPE)

πŸ“¦
Paessler

Prtg Network Monitor

< 18.2.39
πŸ“¦
Paessler

Prtg Network Monitor

> 19.3.52 and < 21.2.68

References & Advisories

πŸ”— http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html
πŸ”— http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html
πŸ”— http://www.securityfocus.com/archive/1/542103/100/0/threaded
πŸ”— https://www.exploit-db.com/exploits/46527/
πŸ”— http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html
πŸ”— http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html
πŸ”— http://www.securityfocus.com/archive/1/542103/100/0/threaded
πŸ”— https://www.exploit-db.com/exploits/46527/

Related Vulnerabilities

CVE-2020-103749.8

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via...

CVE-2018-194109.8

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (inclu...

CVE-2018-192048.8

PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary ...

CVE-2018-194118.8

PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-...