Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
netis-systems vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2019-20071
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
Netis-systems Dl4343 Firmware -
6.1
CVSSv3
CVE-2019-20073
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
Netis-systems Dl4343 Firmware -
6.1
CVSSv3
CVE-2019-20076
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).
Netis-systems Dl4343 Firmware -
5.4
CVSSv3
CVE-2018-6190
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
Netis-systems Wf2419 Firmware 3.2.41381
1 EDB exploit
8.8
CVSSv3
CVE-2018-6391
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.
Netis-systems Wf2419 Firmware 2.2.36123
8.8
CVSSv3
CVE-2020-8946
Netis WF2471 v1.2.30142 devices allow an authenticated malicious user to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter.
Netis-systems Wf2471 Firmware 1.2.30142
9.8
CVSSv3
CVE-2023-42336
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote malicious user to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
Netis-systems Wf2409e Firmware 1.0.1.705
9.8
CVSSv3
CVE-2024-22729
NETIS SYSTEMS MW5360 V1.0.1.3031 exists to contain a command injection vulnerability via the password parameter on the login page.
Netis-systems Mw5360 Firmware 1.0.1.3031
9.8
CVSSv3
CVE-2023-43134
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows malicious users to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.
Netis-systems 360r Firmware 1.3.4517
8.8
CVSSv3
CVE-2023-38829
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote malicious user to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.
Netis-systems Wf2409e Firmware 3.6.42541
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »