H3-2022-0030¶

Unauthenticated Access to Paessler PRTG Network Monitor

Description¶

The PRTG Network Monitor application requires no authentication to access.

Impact¶

An unauthenticated attacker can access potentially sensitive information within the dashboards and view network data. Depending on the version of the application it could also lead to remote code execution.

References¶

• PRTG Manual: Access Rights Management
• How to manage user access rights
• CWE-306: Missing Authentication for Critical Function