CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 1CVE-2023-42336
https://notcve.org/view.php?id=CVE-2023-42336
16 Sep 2023 — An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. Un problema en NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 permite a un atacante remoto ejecutar código arbitrario y obtener información sensible a través del parámetro de contraseña en el componente /etc/shadow.sample. • https://github.com/adhikara13/CVE/blob/main/netis_WF2409E/Root_Hard_Code.md • CWE-798: Use of Hard-coded Credentials •
CVSS: 9.0EPSS: 26%CPEs: 2EXPL: 2CVE-2023-38829
https://notcve.org/view.php?id=CVE-2023-38829
11 Sep 2023 — An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. Un problema en NETIS SYSTEMS WF2409E v.3.6.42541 permite a un atacante remoto ejecutar código arbitrario a través de las funciones ping y traceroute del componente de herramientas de diagnóstico en la interfaz de administración. • https://github.com/adhikara13/CVE-2023-38829-NETIS-WF2409E • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •