CVE-2020-37118

LOW 3.5

P5 FNIP-8x16A FNIP-4xSH 1.0.20 - Cross-Site Request Forgery (Add Admin)

CVSS Score

3.5

EPSS Score

0.0%

EPSS Percentile

0th

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted page.

CWE	CWE-352
Vendor	p5
Product	fnip-8x16a
Published	Feb 5, 2026
Last Updated	Apr 7, 2026

Stay Ahead of the Next One

Get instant alerts for p5 fnip-8x16a

Be the first to know when new low vulnerabilities affecting p5 fnip-8x16a are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

P5 / FNIP-8x16A

1.0.20

References

NVD ↗ CVE.org ↗ EPSS Data ↗

zeroscience.mk: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2020-5564.php exploit-db.com: https://www.exploit-db.com/exploits/48362 packetstorm.news: https://packetstorm.news/files/id/157318 exchange.xforce.ibmcloud.com: https://exchange.xforce.ibmcloud.com/vulnerabilities/180253 p5.hu: https://www.p5.hu/ vulncheck.com: https://www.vulncheck.com/advisories/p-fnip-xa-fnip-xsh-cross-site-request-forgery-add-admin

Credits

iej1ctk1g