Show filters
32 Total Results
Displaying 21-30 of 32
Sort by:
Attacker Value
Unknown

CVE-2019-19356

Disclosure Date: February 07, 2020 (last updated February 21, 2025)
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-20075

Disclosure Date: December 30, 2019 (last updated November 27, 2024)
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-20070

Disclosure Date: December 30, 2019 (last updated November 27, 2024)
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-20074

Disclosure Date: December 30, 2019 (last updated November 27, 2024)
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-20076

Disclosure Date: December 30, 2019 (last updated November 27, 2024)
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-20071

Disclosure Date: December 30, 2019 (last updated November 27, 2024)
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-20073

Disclosure Date: December 30, 2019 (last updated November 27, 2024)
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-20072

Disclosure Date: December 30, 2019 (last updated November 27, 2024)
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-8985

Disclosure Date: February 21, 2019 (last updated November 27, 2024)
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic" header that is mishandled by user_auth->user_ok in /bin/boa.
0
0
Attacker Value
Unknown

CVE-2018-6391

Disclosure Date: January 29, 2018 (last updated November 26, 2024)
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.
0
0
View More Topics  < Previous  Next >