CVE-2024-37855

2024-06-2500:00:00

mitre

github.com

nepstech wifi router

remote code execution

telnet port attack

AI Score

8.2

Confidence

Low

SSVC

Exploitation

poc

Automatable

Technical Impact

total

JSON

An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router’s Telnet port 2345 without requiring authentication credentials.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:o:nepstech:ntpl-xpon1gfevn_firmware:2.0.1:*:*:*:*:*:*:*"
    ],
    "vendor": "nepstech",
    "product": "ntpl-xpon1gfevn_firmware",
    "versions": [
      {
        "status": "affected",
        "version": "2.0.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]

References

github.com/sudo-subho/nepstech-xpon-router-rce