Platform: other
Component: p5-fnip
Fixed in: 1.0.21
CVE-2020-37118 describes a cross-site request forgery (XSRF) vulnerability affecting P5 FNIP-8x16A FNIP-4xSH devices running version 1.0.20. This vulnerability allows attackers to execute unauthorized administrative actions by tricking authenticated users into unknowingly submitting malicious requests. The vulnerability was published on 2026-02-05, and a fix is recommended to prevent exploitation.
The CSRF vulnerability in P5 FNIP-8x16A FNIP-4xSH allows an attacker to leverage the authenticated session of a legitimate user to perform actions as if they were the user. This means an attacker could craft malicious web pages that, when visited by an authenticated administrator, would silently execute commands such as adding new administrator accounts, modifying existing user passwords, or altering system configurations. The attacker does not need to know the administrator's credentials, only that the user is logged in. Successful exploitation could grant the attacker complete control over the affected device, enabling them to monitor network traffic, modify device behavior, or even exfiltrate sensitive data. While the CVSS score is LOW, the potential for unauthorized administrative access makes this a serious concern.
CVE-2020-37118 was published on 2026-02-05. There is no indication of active exploitation or KEV listing at this time. Public proof-of-concept (PoC) code is not currently available, but the CSRF nature of the vulnerability means that exploitation is relatively straightforward if an attacker can craft a convincing phishing campaign or trick a user into visiting a malicious page.
Organizations utilizing P5 FNIP-8x16A FNIP-4xSH devices running version 1.0.20 are at risk. This includes deployments where administrative access is web-based and user authentication practices are not sufficiently robust to prevent XSRF attacks. Environments with shared hosting or where user accounts have broad administrative privileges are particularly vulnerable.
disclosure
Exploit status
EPSS: 0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2020-37118 is to upgrade to a patched version of P5 FNIP-8x16A FNIP-4xSH. If upgrading is not immediately feasible, implement a Web Application Firewall (WAF) to filter requests and validate user input. Configure the WAF to block requests that lack proper CSRF tokens or originate from untrusted sources. Additionally, consider implementing stricter authentication policies, such as multi-factor authentication (MFA), to further reduce the risk of unauthorized access. Review and restrict administrative privileges to the minimum necessary level. After upgrade, confirm by attempting to perform administrative actions via a web browser and verifying that the actions are properly authenticated and require explicit user confirmation.
Update the FNIP-8x16A FNIP-4xSH device to a fixed version that resolves the Cross-Site Request Forgery (CSRF) vulnerability. Consult the documentation from the vendor, P5, for specific upgrade instructions and the available versions.
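One way to express the "block requests that originate from untrusted sources" rule as a filter placed in front of the device's admin interface. This is an added example, not vendor or WAF product code; the trusted origin and the request paths are placeholder assumptions.

```python
from urllib.parse import urlsplit

# Assumption: the origin under which administrators open the device's web UI.
TRUSTED_ORIGINS = {"https://fnip.example.internal"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def _origin_of(url):
    """Reduce a URL or Origin value to scheme://host[:port]; None if unusable."""
    parts = urlsplit(url or "")
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def csrf_verdict(method, target, headers):
    """Return ("allow" | "block", reason) for one request to the admin UI."""
    h = {k.lower(): v for k, v in headers.items()}
    # Embedded UIs often change state through GET parameters, so a GET that
    # carries a query string is checked like a POST (assumption about the UI).
    state_changing = method.upper() not in SAFE_METHODS or bool(urlsplit(target).query)
    if not state_changing:
        return "allow", "read-only request"
    # Browsers that send Fetch Metadata label cross-site requests explicitly.
    if h.get("sec-fetch-site", "same-origin") not in ("same-origin", "none"):
        return "block", "Sec-Fetch-Site reports a cross-site request"
    # A present Origin header is authoritative (including the literal "null");
    # Referer is consulted only when Origin is absent.
    source = _origin_of(h.get("origin") or h.get("referer"))
    if source is None:
        return "block", "no usable Origin or Referer header"
    if source not in TRUSTED_ORIGINS:
        return "block", f"request initiated from {source}"
    return "allow", "same-origin request"


if __name__ == "__main__":
    # Constructed requests; /admin/users is a placeholder path, not a device endpoint.
    forged = {"Origin": "https://other-site.example", "Sec-Fetch-Site": "cross-site"}
    genuine = {"Origin": "https://fnip.example.internal", "Sec-Fetch-Site": "same-origin"}
    print(csrf_verdict("POST", "/admin/users", forged))
    print(csrf_verdict("POST", "/admin/users", genuine))
```

Requests with no Origin or Referer are blocked rather than waved through, so non-browser admin tooling would need its own allow rule.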
CVE-2020-37118 is a cross-site request forgery vulnerability in P5 FNIP-8x16A FNIP-4xSH version 1.0.20, allowing attackers to perform admin actions without user interaction.
You are affected if you are using P5 FNIP-8x16A FNIP-4xSH version 1.0.20 and have not upgraded to a patched version.
Upgrade to a patched version of P5 FNIP-8x16A FNIP-4xSH. If immediate upgrade is not possible, implement stricter authentication and input validation.
There is no confirmed active exploitation at this time, but the vulnerability's nature makes it a potential target.
Refer to the P5 security advisory published on 2026-02-05 for detailed information and mitigation guidance.