Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2020-37118

CVE-2020-37118

MEDIUM5.1

P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

Published Feb 5, 2026

Modified 1 months ago

Details

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/180253

https://packetstorm.news/files/id/157318

https://www.cve.org/CVERecord?id=CVE-2020-37118

https://www.exploit-db.com/exploits/48362

https://www.p5.hu/

https://www.vulncheck.com/advisories/p-fnip-xa-fnip-xsh-cross-site-request-forgery-add-admin

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php

CVSS Analysis

CVSS v4.0

5.1

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

NonePR:N

User Interaction

ActiveUI:A

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

LowVI:L

Vuln. Availability

NoneVA:N

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

5.1/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Weakness Type (CWE)

Authentication

Cross-Site Request Forgery (CSRF)

Ecosystems

Timeline

PublishedFeb 5, 2026

ModifiedFeb 6, 2026

CVE-2020-37118 | Mondoo Vulnerability Intelligence