CVE-2018-25133
Description
Synaccess netBooter NP-0801DU 7.4 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages with hidden form submissions to add admin users by tricking authenticated administrators into loading a malicious page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Synaccess netBooter NP-0801DU contains a CSRF vulnerability allowing attackers to add an administrative user by tricking an authenticated admin into visiting a malicious page.
The Synaccess netBooter NP-0801DU (firmware 7.4) is vulnerable to cross-site request forgery (CSRF) due to the absence of request validation tokens in its web interface [1]. The application does not verify the origin or intent of HTTP requests, allowing unauthorized state changes.
An attacker can exploit this by crafting a malicious HTML page that silently submits a POST request to the device's /adm.htm endpoint [3]. The form includes parameters to add a new administrative user (e.g., "add1" for username, "add2" for password) [3]. Exploitation requires an authenticated administrator to visit the attacker-controlled page; the request is executed in the admin's session.
Successful exploitation grants the attacker administrative access to the netBooter PDU [1]. This allows control over power outlets, device settings, and network configurations, potentially leading to denial of service or further compromise of connected equipment.
The vulnerability was reported in 2018 [1]. Synaccess has since released newer product lines (SynLink SP and netBooter DX series) that likely address such issues, but the NP-0801DU may remain unpatched [2]. Users should isolate legacy devices from untrusted networks or migrate to supported hardware.
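For defenders who must keep such a device online, the missing origin check described above can be approximated from the outside, in a fronting proxy or in log review. The following is an added example, not code from Synaccess or from the cited references; the host names, record layout and the `classify`/`suspicious` helpers are assumptions made for illustration, and only the `/adm.htm` path comes from the description above.

```python
from urllib.parse import urlsplit

# Constructed sample: requests toward the PDU as a forward proxy might log them.
# Host names and the record layout are assumptions made for this example.
SAMPLE_REQUESTS = [
    {"method": "POST", "host": "pdu.lab.example", "path": "/adm.htm",
     "origin": "http://pdu.lab.example", "referer": "http://pdu.lab.example/adm.htm"},
    {"method": "POST", "host": "pdu.lab.example", "path": "/adm.htm",
     "origin": "http://news.invalid", "referer": "http://news.invalid/story.html"},
    {"method": "POST", "host": "pdu.lab.example", "path": "/adm.htm",
     "origin": None, "referer": None},
    {"method": "GET", "host": "pdu.lab.example", "path": "/status.htm",
     "origin": None, "referer": "http://news.invalid/"},
    {"method": "POST", "host": "pdu.lab.example", "path": "/adm.htm",
     "origin": "null", "referer": None},
]

# Assumption: only non-safe methods change state on the device.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def source_host(req):
    """Return the host[:port] the browser reported; Origin wins over Referer."""
    for header in ("origin", "referer"):
        value = req.get(header)
        if value:
            netloc = urlsplit(value).netloc.lower()
            return netloc or value  # keep opaque origins such as "null"
    return None


def classify(req):
    """Label a request: ignore, same-origin, cross-origin or no-origin."""
    if req["method"].upper() in SAFE_METHODS:
        return "ignore"
    src = source_host(req)
    if src is None:
        return "no-origin"
    return "same-origin" if src == req["host"].lower() else "cross-origin"


def suspicious(requests):
    """Indexes and labels of state-changing requests not provably same-origin."""
    labelled = ((i, classify(r)) for i, r in enumerate(requests))
    return [(i, label) for i, label in labelled
            if label in ("cross-origin", "no-origin")]
```

A proxy in front of the device can reject the `cross-origin` cases outright; `no-origin` requests need a local decision, since scripts and older clients legitimately omit both headers.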
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (1)
- Range: = 7.4
Patches (0)
No patches discovered yet.
References (3)
News mentions (0)
No linked articles in our index yet.