
CVE-2023-43892
https://notcve.org/view.php?id=CVE-2023-43892
02 Oct 2023 — Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. • https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20hostname%20parameter%20in%20wan%20settings.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-43893
https://notcve.org/view.php?id=CVE-2023-43893
02 Oct 2023 — Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. • https://github.com/adhikara13/CVE/blob/main/netis_N3/blind%20command%20injection%20in%20wake%20on%20lan%20functionality%20in%20wakeup_mac%20parameter.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2023-43134
https://notcve.org/view.php?id=CVE-2023-43134
20 Sep 2023 — There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. • https://github.com/7R4C4R/CVE/blob/main/Netis-360R-AC1200/unauthorized%20access/readme.md • CWE-862: Missing Authorization

CVE-2023-42336
https://notcve.org/view.php?id=CVE-2023-42336
16 Sep 2023 — An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. • https://github.com/adhikara13/CVE/blob/main/netis_WF2409E/Root_Hard_Code.md • CWE-798: Use of Hard-coded Credentials

CVE-2023-38829
https://notcve.org/view.php?id=CVE-2023-38829
11 Sep 2023 — An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. • https://github.com/adhikara13/CVE-2023-38829-NETIS-WF2409E • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2018-25069 – Netis Netcore Router hard-coded password
https://notcve.org/view.php?id=CVE-2018-25069
07 Jan 2023 — A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability. • https://advisories.checkpoint.com/advisory/cpai-2018-0721 • CWE-259: Use of Hard-coded Password

CVE-2023-0114 – Netis Netcore Router Backup param.file.tgz cleartext storage in a file or on disk
https://notcve.org/view.php?id=CVE-2023-0114
07 Jan 2023 — A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. • https://vuldb.com/?ctiid.217592 • CWE-313: Cleartext Storage in a File or on Disk

CVE-2023-0113 – Netis Netcore Router Backup param.file.tgz information disclosure
https://notcve.org/view.php?id=CVE-2023-0113
07 Jan 2023 — A vulnerability was found in Netis Netcore Router up to 2.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to information disclosure. The attack can be launched remotely. • https://vuldb.com/?ctiid.217591 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVE-2021-26747
https://notcve.org/view.php?id=CVE-2021-26747
18 Feb 2021 — Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. • http://www.netis-systems.com.tw • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-8946
https://notcve.org/view.php?id=CVE-2020-8946
12 Feb 2020 — Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. • https://sku11army.blogspot.com/2020/02/netis-authenticated-rce-on-wf2471.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')