CVE-2018-9276
Vexday Risk Score
100 · Fix now
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.2 · EPSS 87.2% · KEV: yes · Public PoC · Nuclei: — · Metasploit: yes · Patch: —
Lifecycle
25 Jun 2018: Metasploit module available
02 Jul 2018: Published on NVD
11 Mar 2019: Public PoC
04 Feb 2025: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
PRTG Network Monitor allows administrators with console access to inject and execute arbitrary operating system commands through malformed parameters in sensor or notification settings. This could let a malicious admin take control of the monitoring system and connected devices.
Technical detail
OS command injection vulnerability (CWE-78) in PRTG Network Monitor <18.2.39 affecting sensor and notification management endpoints. Attack vector requires authenticated access with administrative privileges; attacker can inject shell commands via malformed parameters to achieve arbitrary code execution on the server and monitored devices.
Summary generated and translated by AI from the official description.
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
Public PoCs found — 9
github · github.com/wildkindcc/CVE-2018-9276 · ★ 37
github · github.com/BardLaudian/CVE_2018_9276 · ★ 0
github · github.com/andyfeili/CVE-2018-9276 · ★ 0
github · github.com/alvinsmith-eroad/CVE-2018-9276 · ★ 0
github · github.com/AC8999/PRTG-Network-Monitor-18.2.38---Authenticated-Remote-Code-Execution-CVE-2018-9276 · ★ 0
cve_reference · packetstormsecurity.com/files/148334/PRTG-Command-Injection.html · unverified
cve_reference · www.exploit-db.com/exploits/46527/ · unverified
cve_reference · packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html · unverified
exploitdb · www.exploit-db.com/exploits/46527 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://packetstormsecurity.com/files/148334/PRTG-Command-Injection.html
http://packetstormsecurity.com/files/161183/PRTG-Network-Monitor-Remote-Code-Execution.html
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-9276
https://www.exploit-db.com/exploits/46527/
http://www.securityfocus.com/archive/1/542103/100/0/threaded