M4Lv0

**Name of the Vulnerable Software and Affected Versions** PRTG Network Monitor versions prior to 18.2.39 **Description** An issue was discovered that allows an attacker with access to the PRTG System Administrator web console and administrative privileges to exploit an OS command injection vulnerability. This can be done by sending malformed parameters in sensor or notification management scenarios, affecting both the server and devices. **Recommendations** For versions prior to 18.2.39, update to version 18.2.39 or later to resolve the issue. As a temporary workaround, consider restricting access to the PRTG System Administrator web console to minimize the risk of exploitation. Avoid using malformed parameters in sensor or notification management scenarios until the issue is resolved.