SQL Injection Vulnerability in Nordex N149/4.0-4.5 Wind Turbine Web Server
CVE-2018-25333

8.8HIGH

Key Information:

Vendor

Nordex-online

Status
N149 Wind Turbine Web Server
Vendor
CVE Published:
17 May 2026

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC

What is CVE-2018-25333?

The Nordex N149/4.0-4.5 Wind Turbine Web Server version 4.0 is susceptible to an SQL injection vulnerability that enables unauthenticated attackers to craft malicious SQL queries. By exploiting this weakness through carefully structured POST requests targeting the login.php page, attackers can bypass authentication controls and access sensitive data from the database. This poses significant risks as it may lead to unauthorized access and manipulation of critical information related to wind turbine operations.

Affected Version(s)

N149 Wind Turbine Web Server 4.0 - 4.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2018-25333 - Proof of Concept

References

https://www.exploit-db.com/exploits/44684
exploit
http://www.nordex-online.com
product
https://www.vulncheck.com/advisories/nordex-n149-wind-tur...
third-party-advisory

CVSS V4

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

t4rkd3vilz
.