Lucene search

[email protected]NVD:CVE-2023-42336

HistorySep 16, 2023 - 1:15 a.m.

CVE-2023-42336

2023-09-1601:15:08

CWE-798

[email protected]

web.nvd.nist.gov

netis systems

wf2409ev4

remote attacker

arbitrary code

sensitive information

password parameter

/etc/shadow.sample

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

70.2%

JSON

An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.

Affected configurations

Nvd

Node

netis-systemswf2409e_firmwareMatch1.0.1.705

AND

netis-systemswf2409eMatchv4

VendorProductVersionCPE
netis-systemswf2409e_firmware1.0.1.705cpe:2.3:o:netis-systems:wf2409e_firmware:1.0.1.705:*:*:*:*:*:*:*
netis-systemswf2409ev4cpe:2.3:h:netis-systems:wf2409e:v4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netis-systems	wf2409e_firmware	1.0.1.705	cpe:2.3:o:netis-systems:wf2409e_firmware:1.0.1.705:::::::*
netis-systems	wf2409e	v4	cpe:2.3:h:netis-systems:wf2409e:v4:::::::*

References

github.com/adhikara13/CVE/blob/main/netis_WF2409E/Root_Hard_Code.md

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.003

Percentile

70.2%

JSON

Related for NVD:CVE-2023-42336

cve1 prion1 cvelist1