Paessler Network Monitor
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Paessler Network Monitor.
By the Year
In 2026 there have been 0 vulnerabilities in Paessler Network Monitor. Network Monitor did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 7.20 |
| 2019 | 0 | 0.00 |
| 2018 | 2 | 8.15 |
It may take a day or so for new Network Monitor vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Paessler Network Monitor Security Vulnerabilities
A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below
CVE-2019-11074
7.2 - High
- March 17, 2020
A Write to Arbitrary Location in Disk vulnerability exists in PRTG Network Monitor 19.1.49 and below that allows attackers to place files in arbitrary locations with SYSTEM privileges (although not controlling the contents of such files) due to insufficient sanitisation when passing arguments to the phantomjs.exe binary. In order to exploit the vulnerability, remote authenticated administrators need to create a new HTTP Full Web Page Sensor and set specific settings when executing the sensor.
Unrestricted File Upload
PRTG Network Monitor before 18.2.41.1652
CVE-2018-19203
7.5 - High
- November 12, 2018
PRTG Network Monitor before 18.2.41.1652 allows remote unauthenticated attackers to terminate the PRTG Core Server Service via a special HTTP request.
PRTG Network Monitor before 18.3.44.2054
CVE-2018-19204
8.8 - High
- November 12, 2018
PRTG Network Monitor before 18.3.44.2054 allows a remote authenticated attacker (with read-write privileges) to execute arbitrary code and OS commands with system privileges. When creating an HTTP Advanced Sensor, the user's input in the POST parameter 'proxyport_' is mishandled. The attacker can craft an HTTP request and override the 'writeresult' command-line parameter for HttpAdvancedSensor.exe to store arbitrary data in an arbitrary place on the file system. For example, the attacker can create an executable file in the \Custom Sensors\EXE directory and execute it by creating EXE/Script Sensor.
Improper Input Validation
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Paessler Network Monitor or by Paessler? Click the Watch button to subscribe.
