// For flags

CVE-2023-0113

Netis Netcore Router Backup param.file.tgz information disclosure

Severity Score

7.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

A vulnerability was found in Netis Netcore Router up to 2.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-217591.

Se encontró una vulnerabilidad en Netis Netcore Router hasta 2.2.6. Ha sido declarada problemática. Una función desconocida del archivo param.file.tgz del componente Backup Handler es afectada por esta vulnerabilidad. La manipulación conduce a la divulgación de información. El ataque se puede lanzar de forma remota. El identificador asociado de esta vulnerabilidad es VDB-217591.

In Netis Netcore Router bis 2.2.6 wurde eine problematische Schwachstelle ausgemacht. Das betrifft eine unbekannte Funktionalität der Datei param.file.tgz der Komponente Backup Handler. Dank der Manipulation mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden.

*Credits: c4ng4c3ir0
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-01-07 CVE Reserved
  • 2023-01-07 CVE Published
  • 2024-08-02 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (0)
URL Tag Source
URL Date SRC
URL Date SRC
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Netis-systems
Search vendor "Netis-systems"
 Netcore Router Firmware
Search vendor "Netis-systems" for product "Netcore Router Firmware"
--
Affected
in Netis-systems
Search vendor "Netis-systems"
 Netcore Router
Search vendor "Netis-systems" for product "Netcore Router"
--
Safe