PRTG-Network-Monitor-Information-Disclosure

Share on facebook
Share on google
Share on twitter
Share on linkedin

 

Overview :
PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.

CVE-2020-11547

 

PRTG-Network-Monitor-Information-Disclosure

Remote unauthenticated user can craft an HTTP request in /public/login.htm or /index.htm by providing the ‘type’ parameter.

Example: http://127.0.0.1/public/login.htm?type=cpuload

replace cpuload by any of the following to get diferent info

  • version
  • cpuload
  • dnsname
  • serverhttpurl
  • windowsversion
  • systemid
  • treestat
  • memory
  • requests
  • screenshot
  • lastsync
  • probes
  • warnings

Recent Posts

Follow Us

Web Application Firewall Solution

Sign up for our Newsletter

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit