Synaccess netBooter NP-02x/NP-08x Authentication Bypass Vulnerability Allowing Unauthenticated Admin Account Creation

Vulnerability

An authentication bypass vulnerability has been identified in Synaccess netBooter NP-02x and NP-08x models running version 6.8. The issue resides in the webNewAcct.cgi script, where the absence of proper control checks allows unauthenticated attackers to create admin user accounts. Exploiting this vulnerability enables unauthorized control over power supply management, including the ability to turn off power to connected resources.

Impact

Exploitation of this vulnerability allows for authentication bypass, enabling the creation of admin accounts and unauthorized access to power management controls.

Reproduction

The vulnerability can be reproduced by sending a POST request to the webNewAcct.cgi script with the desired username and password. This can be done using a tool like curl.
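From the defender's side, the request described above can be hunted for in web logs. The following is an added example, not part of the original advisory or vendor code: it scans access logs and flags POSTs to webNewAcct.cgi from sources outside a management allowlist. It assumes a reverse proxy or gateway in front of the device that writes combined log format; the allowlist, the URL path prefix and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumption: the only hosts that should ever administer the device.
MGMT_ALLOWLIST = [ipaddress.ip_network("10.20.0.0/28")]

# Combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (not captured from a real device).
SAMPLE_LOG = """\
10.20.0.5 - - [24/Dec/2025:20:01:11 +0000] "POST /webNewAcct.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [24/Dec/2025:20:03:40 +0000] "POST /webNewAcct.cgi HTTP/1.1" 200 512 "-" "curl/8.5.0"
198.51.100.23 - - [24/Dec/2025:20:03:42 +0000] "GET /index.htm HTTP/1.1" 200 2048 "-" "curl/8.5.0"
203.0.113.9 - - [24/Dec/2025:20:07:02 +0000] "POST /WEBNEWACCT.CGI?x=1 HTTP/1.1" 403 0 "-" "-"
line that does not parse
"""

def is_allowed(ip_text):
    """True only for syntactically valid addresses inside the allowlist."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return any(ip in net for net in MGMT_ALLOWLIST)

def find_account_creation_attempts(log_text):
    """Return one finding per POST to webNewAcct.cgi from a non-allowlisted IP."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the scan
        # Drop the query string, keep the last path segment, ignore case.
        script = m["path"].split("?", 1)[0].rsplit("/", 1)[-1].lower()
        if m["method"] != "POST" or script != "webnewacct.cgi":
            continue
        if is_allowed(m["ip"]):
            continue
        # Assumption: a 2xx status means the device accepted the request.
        findings.append({"ip": m["ip"], "time": m["ts"],
                         "accepted": m["status"].startswith("2")})
    return findings

if __name__ == "__main__":
    for finding in find_account_creation_attempts(SAMPLE_LOG):
        print(finding)
```

Any finding with "accepted" set warrants reviewing the device's account list for admin users nobody on the team created.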

Added: Dec 24, 2025, 8:51 PM
Updated: Dec 24, 2025, 9:53 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 8.7
remediation: 0.0
relevance: 1.5
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.