← Advisories

Synaccess netBooter NP-02x/NP-08x 6.8 Authentication Bypass

Critical
Advisory ID
ZSL-2018-5500
Release Date
17 November 2018
Vendor
Synaccess Networks Inc. - https://www.synaccess-net.com
Affected Version
NP-0201D (ver 6.8C), NP-02 (ver 6.5C), NP-02 (ver 6.4BC), NP-0801D (ver 6.4A), NP-08 (ver 6.10), NP-02 (ver 5.53BC)
CVE
CVE-2018-25134
Tested On
Synaccess server
Summary

netBooterâ„¢ NP-02B and NP-02BH provide independent control of one or two outlets in a small, robust form factor. Manageable via TCP/IP network or direct serial connection and 1U brackets (optional) for mounting. Control power to your devices with the ability to fit just about anywhere

netBooterâ„¢ NP-0801DU and NP-0801DUH PDUs provide secured remote power source management of 8 independent outlets. Includes true RMS AC current reading and environment temperature monitoring* via TCP/IP networks or local direct connection.

Description

netBooter suffers from an authentication bypass vulnerability due to missing control check when calling webNewAcct.cgi script while creating users. This allows an unauthenticated attacker to create admin user account and bypass authentication giving her the power to turn off a power supply to a resource.

Proof of Concept
netbooter_auth.txtTXT
Disclosure Timeline
05.11.2018Vulnerability discovered.
06.11.2018Vendor contacted.
16.11.2018No response from the vendor.
17.11.2018Public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]https://packetstormsecurity.com/files/150396
[2]https://exchange.xforce.ibmcloud.com/vulnerabilities/153124
[3]https://cxsecurity.com/issue/WLB-2018110158
[4]https://www.exploit-db.com/exploits/45920
[5]https://www.cve.org/CVERecord?id=CVE-2018-25134
Changelog
17.11.2018Initial release
20.11.2018Added reference [1] and [2]
23.11.2018Added reference [3]
01.12.2018Added reference [4]
21.03.2026Added reference [5]