Lucene search

MitreCVE-2023-42336

HistorySep 16, 2023 - 1:15 a.m.

CVE-2023-42336

2023-09-1601:15:08

CWE-798

mitre

web.nvd.nist.gov

cve-2023-42336

netis systems

wf2409ev4

remote code execution

sensitive information disclosure

nvd

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

70.2%

JSON

An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.

Affected configurations

Nvd

Node

netis-systemswf2409e_firmwareMatch1.0.1.705

AND

netis-systemswf2409eMatchv4

VendorProductVersionCPE
netis-systemswf2409e_firmware1.0.1.705cpe:2.3:o:netis-systems:wf2409e_firmware:1.0.1.705:*:*:*:*:*:*:*
netis-systemswf2409ev4cpe:2.3:h:netis-systems:wf2409e:v4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netis-systems	wf2409e_firmware	1.0.1.705	cpe:2.3:o:netis-systems:wf2409e_firmware:1.0.1.705:::::::*
netis-systems	wf2409e	v4	cpe:2.3:h:netis-systems:wf2409e:v4:::::::*

References

github.com/adhikara13/CVE/blob/main/netis_WF2409E/Root_Hard_Code.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.003

Percentile

70.2%

JSON

Related for CVE-2023-42336