PRTG Network Monitor up to 18.2.40 /public/login.htm HTTP Request access control
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.9 | $0-$5k | 0.00 |
Summary
A vulnerability was found in PRTG Network Monitor up to 18.2.40. It has been classified as critical. Impacted is an unknown function of the file /public/login.htm. The manipulation as part of HTTP Request leads to access control. This vulnerability is referenced as CVE-2018-19410. Remote exploitation of the attack is possible. Furthermore, an exploit is available. Upgrading the affected component is recommended.
Details
A vulnerability, which was classified as critical, has been found in PRTG Network Monitor up to 18.2.40 (Network Management Software). This issue affects an unknown code block of the file /public/login.htm. The manipulation as part of a HTTP Request leads to a access control vulnerability. Using CWE to declare the problem leads to CWE-264. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local File Inclusion attack, by including /api/addusers and executing it. By providing the 'id' and 'users' parameters, an unauthenticated attacker can create a user with read-write privileges (including administrator).
The bug was discovered 10/26/2018. The weakness was published 11/21/2018 (Website). It is possible to read the advisory at ptsecurity.com. The identification of this vulnerability is CVE-2018-19410 since 11/21/2018. The exploitation is known to be easy. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a exploit are known. The attack technique deployed by this issue is T1068 according to MITRE ATT&CK.
It is declared as attacked. The vulnerability was handled as a non-public zero-day exploit for at least 26 days. During that time the estimated underground price was around $0-$5k. By approaching the search of inurl:public/login.htm it is possible to find vulnerable targets with Google Hacking. The vulnerability scanner Nessus provides a plugin with the ID 277614 (Paessler PRTN Network Monitor < 18.2.40.1683 Local File Inclusion (CVE-2018-19410)), which helps to determine the existence of the flaw in a target environment. The commercial vulnerability scanner Qualys is able to test this issue with plugin 13352 (PRTG Network Monitor Multiple Vulnerabilites). The CISA Known Exploited Vulnerabilities Catalog lists this issue since 02/04/2025 with a due date of 02/25/2025:
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.Upgrading to version 18.2.40.1683 eliminates this vulnerability.
The vulnerability is also documented in the vulnerability database at Tenable (277614). Similar entry is available at VDB-127056. Be aware that VulDB is the high quality source for vulnerability data.
Product
Type
Name
Version
- 18.2.0
- 18.2.1
- 18.2.2
- 18.2.3
- 18.2.4
- 18.2.5
- 18.2.6
- 18.2.7
- 18.2.8
- 18.2.9
- 18.2.10
- 18.2.11
- 18.2.12
- 18.2.13
- 18.2.14
- 18.2.15
- 18.2.16
- 18.2.17
- 18.2.18
- 18.2.19
- 18.2.20
- 18.2.21
- 18.2.22
- 18.2.23
- 18.2.24
- 18.2.25
- 18.2.26
- 18.2.27
- 18.2.28
- 18.2.29
- 18.2.30
- 18.2.31
- 18.2.32
- 18.2.33
- 18.2.34
- 18.2.35
- 18.2.36
- 18.2.37
- 18.2.38
- 18.2.39
- 18.2.40
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.0VulDB Meta Temp Score: 8.9
VulDB Base Score: 7.3
VulDB Temp Score: 7.0
VulDB Vector: 🔍
VulDB Reliability: 🔍
NVD Base Score: 9.8
NVD Vector: 🔍
CNA Base Score: 9.8
CNA Vector: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Access controlCWE: CWE-264
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Attacked
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
KEV Added: 🔍
KEV Due: 🔍
KEV Remediation: 🔍
KEV Ransomware: 🔍
KEV Notice: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 277614
Nessus Name: Paessler PRTN Network Monitor < 18.2.40.1683 Local File Inclusion (CVE-2018-19410)
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: PRTG Network Monitor 18.2.40.1683
Timeline
10/26/2018 🔍11/21/2018 🔍
11/21/2018 🔍
11/21/2018 🔍
11/22/2018 🔍
12/09/2025 🔍
Sources
Advisory: ptsecurity.comStatus: Confirmed
CVE: CVE-2018-19410 (🔍)
GCVE (CVE): GCVE-0-2018-19410
GCVE (VulDB): GCVE-100-127055
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 11/22/2018 08:00Updated: 12/09/2025 05:20
Changes: 11/22/2018 08:00 (65), 04/14/2020 12:53 (1), 02/04/2025 18:45 (28), 02/05/2025 01:47 (12), 02/18/2025 17:03 (1), 12/09/2025 05:20 (2)
Complete: 🔍
Cache ID: 216::103
Be aware that VulDB is the high quality source for vulnerability data.
No comments yet. Languages: en.
Please log in to comment.