CVSS: 10.0EPSS: 13%CPEs: 4EXPL: 1CVE-2021-26747
https://notcve.org/view.php?id=CVE-2021-26747
18 Feb 2021 — Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. Los dispositivos Netis WF2780 versión 2.3.40404 y WF2411 versión 1.1.29629, permiten una inyección de metacaracteres de Shell en el comando ping, conllevando a una ejecución de código remota • http://www.netis-systems.com.tw • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 9.8EPSS: 71%CPEs: 4EXPL: 2CVE-2019-8985
https://notcve.org/view.php?id=CVE-2019-8985
21 Feb 2019 — On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa. En Netis WF211, con la versión de firmware 2.1.36123, y otros dispositivos de Netis (posiblemente de... • https://github.com/Squirre17/CVE-2019-8985 • CWE-306: Missing Authentication for Critical Function CWE-787: Out-of-bounds Write •