🔴 CVE-2018-19410

Critical authentication bypass in PRTG Network Monitor allowing remote unauthenticated attackers to create administrator accounts via Local File Inclusion. Exploitation requires only crafting HTTP requests to the publicly accessible web interface.

Risk Level: HIGH_RISK

CVSS Score: 9.8

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2018-11-21

Added to CISA KEV: 2025-02-04 (2267 days between CVE publication and KEV listing)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2018-19410 is a high-severity security vulnerability affecting PRTG Network Monitor versions prior to 18.2.40.1683 [1].

Vulnerability Overview and Impact
The vulnerability allows a remote, unauthenticated attacker to create new user accounts with read-write privileges, including full administrative access [1] [5]. By successfully exploiting this flaw, an attacker can gain unauthorized control over the PRTG Network Monitor instance, which often serves as a central point for monitoring critical infrastructure and network devices [5].
Attack Method and Requirements
  • Access Vector: Remote [4].
  • Authentication: Unauthenticated (no prior access required) [1].
  • Exploitation Method: Attackers exploit the vulnerability by forging specific HTTP requests to the target system. It has been described in technical analyses as involving Local File Inclusion (LFI) mechanisms to facilitate the unauthorized user creation [2].
Exploitation in the Wild and Usage
  • Active Exploitation: There is no widespread evidence suggesting this CVE is currently a primary target for mass-scale ransomware campaigns or high-profile APT groups in the current threat landscape. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog [3].
  • PoC Availability: Proof-of-concept (PoC) exploit code is publicly available on platforms such as GitHub, which demonstrates the ability to create unauthorized administrative users [4].
Mitigation and Patch Status
  • Affected Versions: All versions of PRTG Network Monitor prior to 18.2.40.1683 are vulnerable [1].
  • Mitigation: The vulnerability was addressed by the vendor in version 18.2.40.1683. Users running older versions are strongly advised to upgrade to the latest available version of PRTG Network Monitor to fully mitigate this and other potential security risks.

Sources

  1. CVE-2018-19410 Detail - NVD

    PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator).

  2. Building an exploit for CVE-2018-19410 | by Quan Doan

    Building an exploit for CVE-2018-19410 I recently completed a freelance penetration testing project, which was “a tough one”, as the client ... According to CVE Details, this version suffers from some critical vulnerabilities, including Remote Code Execution. It sounds great. But CVE-2018-19410, an u…

  3. NVD - cve-2018-19410

    Reference. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19410. Removed. Reference. https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2018-19410.

  4. Proof of concept for the vulnerability CVE-2018-19410 - GitHub

    Details PRTG Network Monitor Version: 18.2.39.1661 and earlier Severity level: High Impact: Authentication Bypass, Improper Authorization, Local File Inclusion Access Vector: Remote The vulnerability permits remote and unauthenticated attackers to generate users with read-write privileges, including…

  5. CVE-2018-19410: Vulnerability in PRTG Network Monitor

    The Impact of CVE-2018-19410. The exploitation of this vulnerability can lead to the unauthorized creation of users with elevated privileges, posing a significant security risk to affected systems. Attackers could potentially gain full administrator access through this exploit. Product: PRTG Network…