
CVE-2018-25069 – Netis Netcore Router hard-coded password
https://notcve.org/view.php?id=CVE-2018-25069
07 Jan 2023 — A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability. • https://advisories.checkpoint.com/advisory/cpai-2018-0721 • CWE-259: Use of Hard-coded Password •

CVE-2023-0114 – Netis Netcore Router Backup param.file.tgz cleartext storage in a file or on disk
https://notcve.org/view.php?id=CVE-2023-0114
07 Jan 2023 — A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. • https://vuldb.com/?ctiid.217592 • CWE-313: Cleartext Storage in a File or on Disk •

CVE-2023-0113 – Netis Netcore Router Backup param.file.tgz information disclosure
https://notcve.org/view.php?id=CVE-2023-0113
07 Jan 2023 — A vulnerability was found in Netis Netcore Router up to 2.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to information disclosure. The attack can be launched remotely. • https://vuldb.com/?ctiid.217591 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2021-26747
https://notcve.org/view.php?id=CVE-2021-26747
18 Feb 2021 — Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. • http://www.netis-systems.com.tw • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2020-8946
https://notcve.org/view.php?id=CVE-2020-8946
12 Feb 2020 — Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. • https://sku11army.blogspot.com/2020/02/netis-authenticated-rce-on-wf2471.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2019-19356 – Netis WF2419 Devices Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-19356
07 Feb 2020 — Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. • https://packetstorm.news/files/id/156588 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVE-2019-20070
https://notcve.org/view.php?id=CVE-2019-20070
29 Dec 2019 — On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). • https://drive.google.com/open?id=1EtpCu6eZ0Hf2J70zg59wIlhUE8_bx1HE • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-20071
https://notcve.org/view.php?id=CVE-2019-20071
29 Dec 2019 — On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. • https://drive.google.com/open?id=1XtSsH-1ApxRS7VExubz8zBEyENVQGhUc • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2019-20072
https://notcve.org/view.php?id=CVE-2019-20072
29 Dec 2019 — On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). • https://drive.google.com/open?id=1IGRYVci8fxic0jJJb-pAfAK1kJ4V2yGM • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2019-20073
https://notcve.org/view.php?id=CVE-2019-20073
29 Dec 2019 — On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). • https://drive.google.com/open?id=1CxLrSKAczEZpm_7FERIrCGGJAs2mp6Go • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •