vulnerability
Paessler PRTG Network Monitor: CVE-2018-9276: Improper Neutralization of Special Elements used in an OS Command
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Jul 2, 2018 | Apr 30, 2025 | May 1, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:S/C:C/I:C/A:C)
Published
Jul 2, 2018
Added
Apr 30, 2025
Modified
May 1, 2025
Description
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
Solution
paessler-prtg-network-monitor-upgrade-latest
References
- CVE-2018-9276
- https://attackerkb.com/topics/CVE-2018-9276
- http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html
- https://www.exploit-db.com/exploits/46527/
- http://www.securityfocus.com/archive/1/542103/100/0/threaded
- http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.