Description

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.

PUBLISHED Reserved 2026-02-03 | Published 2026-02-05 | Updated 2026-02-06 | Assigner VulnCheck




MEDIUM: 5.1 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
LOW: 3.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Problem types

Cross-Site Request Forgery (CSRF)

Product status

1.0.20
affected

Credits

iej1ctk1g finder

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php (Zero Science Lab Disclosure (ZSL-2020-5564)) technical-description exploit

www.exploit-db.com/exploits/48362 (ExploitDB-48362) exploit

packetstorm.news/files/id/157318 (Packet Storm Entry) exploit

exchange.xforce.ibmcloud.com/vulnerabilities/180253 (IBM X-Force Vulnerability Report) third-party-advisory

www.p5.hu/ (P5 Vendor Homepage) product

www.vulncheck.com/...sh-cross-site-request-forgery-add-admin (VulnCheck Advisory: P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)) third-party-advisory

cve.org (CVE-2020-37118)

nvd.nist.gov (CVE-2020-37118)
