Platform: other
Component: p5-fnip
Fixed in: 1.0.21
CVE-2020-37118 describes a cross-site request forgery (XSRF) vulnerability affecting P5 FNIP-8x16A FNIP-4xSH devices running version 1.0.20. This vulnerability allows attackers to execute unauthorized administrative actions by tricking authenticated users into unknowingly submitting malicious requests. The vulnerability was published on 2026-02-05, and a fix is recommended to prevent exploitation.
An attacker exploiting CVE-2020-37118 can leverage XSRF to perform actions as an authenticated administrator without that administrator's knowledge or consent. This includes adding new administrator accounts, modifying existing user passwords, and altering system configurations. Successful exploitation could lead to complete compromise of the FNIP device, allowing the attacker to control its functionality and potentially access sensitive data. The blast radius extends to any data processed or managed by the FNIP device, and the impact is amplified if the device is part of a larger, interconnected system.
The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept (PoC) code is not widely available, suggesting a low probability of immediate widespread exploitation. However, the ease of exploitation inherent in XSRF vulnerabilities means that it could become a target for automated attacks if a PoC is released. The NVD entry was published on 2026-02-05.
Exploit Status
EPSS: 0.02% (5% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2020-37118 is to upgrade to a patched version of P5 FNIP-8x16A FNIP-4xSH. If upgrading immediately is not feasible, implement stricter user authentication measures, such as multi-factor authentication (MFA), to reduce the likelihood of successful exploitation. Additionally, implement robust input validation and output encoding to prevent malicious data from being processed. Consider using a Web Application Firewall (WAF) with XSRF protection rules to filter out malicious requests. After upgrade, confirm functionality by attempting to perform administrative actions and verifying that they require proper authentication.
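The WAF-style XSRF rule mentioned above can be expressed as an Origin/Referer check applied at a reverse proxy in front of the device. This is an added example, not P5 or vendor code; the hostname `fnip.example.internal`, the function names and the sample requests are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the origin administrators use to reach the device UI (placeholder).
TRUSTED_ORIGINS = {"https://fnip.example.internal"}
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(value):
    """Reduce an Origin or Referer value to scheme://host[:port], or None."""
    try:
        parts = urlsplit(value.strip())
        port = parts.port
    except ValueError:
        return None  # malformed URL or port
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers "Origin: null" and non-HTTP schemes
    host = parts.hostname.lower()
    if port is None or port == DEFAULT_PORTS[parts.scheme]:
        return f"{parts.scheme}://{host}"
    return f"{parts.scheme}://{host}:{port}"


def csrf_verdict(method, headers, trusted=TRUSTED_ORIGINS):
    """Return (allow, reason) for one request to the management interface."""
    h = {k.lower(): v for k, v in headers.items()}
    source = h.get("origin") or h.get("referer")
    if not source:
        if method.upper() in SAFE_METHODS:
            return True, "safe method, no source header"
        return False, "state-changing request without Origin/Referer"
    origin = origin_of(source)
    if origin in trusted:
        return True, "same-origin"
    return False, f"cross-origin source: {origin or 'unparseable'}"


if __name__ == "__main__":
    # Constructed sample requests (method, headers); not captured traffic.
    samples = [
        ("POST", {"Origin": "https://fnip.example.internal"}),
        ("POST", {"Origin": "https://attacker.example"}),
        ("POST", {"Origin": "null"}),
        ("POST", {}),
        ("GET", {"Referer": "https://attacker.example/page.html"}),
        ("GET", {}),
    ]
    for method, headers in samples:
        print(method, headers, "->", csrf_verdict(method, headers))
```

A rule like this is a compensating control for devices that cannot be upgraded yet; it does not replace moving to the fixed version.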
Update the FNIP-8x16A FNIP-4xSH device to a patched version that addresses the Cross-Site Request Forgery (CSRF) vulnerability. Refer to the P5 vendor documentation for specific upgrade instructions and available versions.
CVE-2020-37118 is a cross-site request forgery vulnerability in P5 FNIP-8x16A FNIP-4xSH version 1.0.20, allowing attackers to perform admin actions without the user's knowledge or consent.
You are affected if you are using P5 FNIP-8x16A FNIP-4xSH version 1.0.20 and have not upgraded to a patched version.
Upgrade to a patched version of P5 FNIP-8x16A FNIP-4xSH. If immediate upgrade is not possible, implement stricter authentication and input validation.
There is no confirmed active exploitation at this time, but the vulnerability's nature makes it a potential target.
Refer to the P5 security advisory published on 2026-02-05 for detailed information and mitigation guidance.