Filtered by vendor Netis-systems
Subscribe
Total
32 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-22729 | 1 Netis-systems | 2 Mw5360, Mw5360 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | |||||
| CVE-2023-45468 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2023-45467 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. | |||||
| CVE-2023-45466 | 1 Netis-systems | 2 N3m, N3mv2 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | |||||
| CVE-2023-45465 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | |||||
| CVE-2023-45464 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2023-45463 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | |||||
| CVE-2023-44860 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. | |||||
| CVE-2023-43893 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | |||||
| CVE-2023-43892 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. | |||||
| CVE-2023-43891 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | |||||
| CVE-2023-43890 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. | |||||
| CVE-2023-43134 | 1 Netis-systems | 2 360r, 360r Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | |||||
| CVE-2023-42336 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. | |||||
| CVE-2023-38829 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2024-11-21 | N/A | 8.8 HIGH |
| An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | |||||
| CVE-2023-0114 | 1 Netis-systems | 2 Netcore Router, Netcore Router Firmware | 2024-11-21 | 1.7 LOW | 3.3 LOW |
| A vulnerability was found in Netis Netcore Router. It has been rated as problematic. Affected by this issue is some unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to cleartext storage in a file or on disk. Local access is required to approach this attack. The identifier of this vulnerability is VDB-217592. | |||||
| CVE-2023-0113 | 1 Netis-systems | 2 Netcore Router, Netcore Router Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability was found in Netis Netcore Router up to 2.2.6. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file param.file.tgz of the component Backup Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-217591. | |||||
| CVE-2021-26747 | 1 Netis-systems | 4 Wf2411, Wf2411 Firmware, Wf2780 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | |||||
| CVE-2020-8946 | 1 Netis-systems | 2 Wf2471, Wf2471 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. | |||||
| CVE-2019-8985 | 1 Netis-systems | 4 Wf2411, Wf2411 Firmware, Wf2880 and 1 more | 2024-11-21 | 9.0 HIGH | 9.8 CRITICAL |
| On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa. | |||||