Lucene search

Netis-Systems Security Vulnerabilities

cve

CVE-2018-25069

A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability.

9.8CVSS

9.4AI Score

0.01EPSS

2023-01-07 09:15 AM

cve

CVE-2018-5967

Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page.

5.4CVSS

5.3AI Score

0.0005EPSS

2018-01-25 08:29 AM

cve

CVE-2018-6190

Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.

5.4CVSS

5.2AI Score

0.001EPSS

2018-01-24 09:29 PM

cve

CVE-2018-6391

A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.

8.8CVSS

8.6AI Score

0.018EPSS

2018-01-29 07:29 PM

cve

CVE-2019-19356

Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the ...

7.5CVSS

7.8AI Score

0.96EPSS

2020-02-07 11:15 PM

995

In Wild

cve

CVE-2019-20070

On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).

6.1CVSS

6AI Score

0.002EPSS

2019-12-30 12:15 AM

cve

CVE-2019-20071

On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.

6.5CVSS

6.5AI Score

0.002EPSS

2019-12-30 12:15 AM

cve

CVE-2019-20072

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).

6.1CVSS

6AI Score

0.002EPSS

2019-12-30 12:15 AM

cve

CVE-2019-20073

On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).

6.1CVSS

6AI Score

0.002EPSS

2019-12-30 12:15 AM

cve

CVE-2019-20074

On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.

8.8CVSS

8.7AI Score

0.001EPSS

2019-12-30 12:15 AM

cve

CVE-2019-20075

On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).

6.1CVSS

6AI Score

0.002EPSS

2019-12-30 12:15 AM

cve

CVE-2019-20076

On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).

6.1CVSS

6AI Score

0.002EPSS

2019-12-30 12:15 AM

cve

CVE-2019-8985

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a ...

9.8CVSS

9.8AI Score

0.01EPSS

2019-02-21 07:29 PM

cve

CVE-2020-8946

Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter.

8.8CVSS

8.8AI Score

0.006EPSS

2020-02-12 06:15 PM

cve

CVE-2021-26747

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.

9.8CVSS

9.9AI Score

0.01EPSS

2021-02-18 09:15 PM

cve

CVE-2023-0113

A vulnerability was found in Netis Netcore Router up to 2.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to information disclosure. The attack can be launched rem...

7.5CVSS

7.3AI Score

0.002EPSS

2023-01-07 09:15 AM

cve

CVE-2023-0114

A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approac...

5.5CVSS

5.5AI Score

0.0004EPSS

2023-01-07 09:15 AM

cve

CVE-2023-38829

An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.

8.8CVSS

8.8AI Score

0.002EPSS

2023-09-11 07:15 PM

cve

CVE-2023-42336

An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.

9.8CVSS

9.5AI Score

0.005EPSS

2023-09-16 01:15 AM

cve

CVE-2023-43134

There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

9.8CVSS

8.9AI Score

0.002EPSS

2023-09-20 08:15 PM

cve

CVE-2023-43890

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.

8.8CVSS

8.7AI Score

0.001EPSS

2023-10-02 08:15 PM

cve

CVE-2023-43891

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.

9.8CVSS

9.5AI Score

0.013EPSS

2023-10-02 10:15 PM

cve

CVE-2023-43892

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.

9.8CVSS

9.6AI Score

0.001EPSS

2023-10-02 10:15 PM

cve

CVE-2023-43893

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.

9.8CVSS

9.5AI Score

0.001EPSS

2023-10-02 10:15 PM

cve

CVE-2023-44860

An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.

7.5CVSS

7.3AI Score

0.001EPSS

2023-10-06 11:15 PM

cve

CVE-2023-45463

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

7.5CVSS

7.5AI Score

0.001EPSS

2023-10-13 01:15 PM

cve

CVE-2023-45464

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

7.5CVSS

7.6AI Score

0.001EPSS

2023-10-13 01:15 PM

cve

CVE-2023-45465

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.

9.8CVSS

9.7AI Score

0.013EPSS

2023-10-13 01:15 PM

cve

CVE-2023-45466

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.

9.8CVSS

9.7AI Score

0.013EPSS

2023-10-13 01:15 PM

cve

CVE-2023-45467

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.

9.8CVSS

9.7AI Score

0.001EPSS

2023-10-13 01:15 PM

cve

CVE-2023-45468

Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

7.5CVSS

7.5AI Score

0.001EPSS

2023-10-13 01:15 PM

cve

CVE-2024-22729

NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.

9.8CVSS

9.8AI Score

0.015EPSS

2024-01-25 03:15 PM

140