Published: 21/02/2019 Updated: 28/03/2019
CVSS v2 Base Score: 9 | Impact Score: 8.5 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 801
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:C

Vulnerability Summary

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa.

Vulnerability Trend

Affected Products

Vendor Product Versions
Netis-systemsWf2411 Firmware2.1.36123
Netis-systemsWf2880 Firmware2.1.36123