Paessler Prtg_network_monitor
39 CVEs affecting Paessler Prtg_network_monitor. Latest disclosed: 2026-01-14. Critical: 2, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2020-10374 | Critical | 9.8 | 2020-03-30 | A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or th… |
CVE-2018-19410 | Critical | 9.8 | 2018-11-21 | PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including administrator). A remote… |
CVE-2023-31452 | High | 8.8 | 2023-08-09 | A cross-site request forgery (CSRF) token bypass was identified in PRTG 23.2.84.1566 and earlier versions that allows remote attackers to perform actions with… |
CVE-2018-19411 | High | 8.8 | 2018-11-21 | PRTG Network Monitor before 18.2.40.1683 allows an authenticated user with a read-only account to create another user with a read-write account (including admi… |
CVE-2018-19204 | High | 8.8 | 2018-11-12 | PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with sys… |
CVE-2018-19203 | High | 7.5 | 2018-11-12 | PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request. |
CVE-2018-10253 | High | 7.5 | 2018-04-21 | Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack memory during unspecified API calls. |
CVE-2023-32782 | High | 7.2 | 2023-08-09 | A command injection was identified in PRTG 23.2.84.1566 and earlier versions in the Dicom C-ECHO sensor where an authenticated user with write permissions coul… |
CVE-2023-32781 | High | 7.2 | 2023-08-09 | A command injection vulnerability was identified in PRTG 23.2.84.1566 and earlier versions in the HL7 sensor where an authenticated user with write permissions… |
CVE-2019-11074 | High | 7.2 | 2020-03-17 | A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary location… |
CVE-2019-11073 | High | 7.2 | 2020-03-16 | A Remote Code Execution vulnerability exists in PRTG Network Monitor before 19.4.54.1506 that allows attackers to execute code due to insufficient sanitization… |
CVE-2018-9276 | High | 7.2 | 2018-07-02 | An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative pri… |
CVE-2017-15651 | Medium | 6.7 | 2017-10-20 | PRTG Network Monitor 17.3.33.2830 allows remote authenticated administrators to execute arbitrary code by uploading a .exe file and then proceeding in spite of… |
CVE-2025-67835 | Medium | 6.5 | 2026-01-14 | Paessler PRTG Network Monitor before 25.4.114 allows Denial-of-Service (DoS) by an authenticated attacker via the Notification Contacts functionality. |
CVE-2017-15917 | Medium | 6.5 | 2017-10-26 | In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server. |
CVE-2015-7743 | Medium | 6.5 | 2017-01-23 | XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new… |
CVE-2025-67833 | Medium | 6.1 | 2026-01-14 | Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter. |
CVE-2024-12833 | Medium | 6.1 | 2025-02-11 | Paessler PRTG Network Monitor SNMP Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass aut… |
CVE-2023-51630 | Medium | 6.1 | 2024-02-08 | Paessler PRTG Network Monitor Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on… |
CVE-2019-9207 | Medium | 6.1 | 2019-12-31 | PRTG Network Monitor v7.1.3.3378 allows XSS via the /search.htm searchtext parameter. NOTE: This product is discontinued. |