Vulnerabilities > Netis Systems

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-12	CVE-2020-8946	OS Command Injection vulnerability in Netis-Systems Wf2471 Firmware 1.2.30142 Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. network low complexity netis-systems CWE-78	8.8
2020-02-07	CVE-2019-19356	OS Command Injection vulnerability in Netis-Systems Wf2419 Firmware 1.2.31805/2.2.36123 Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. network high complexity netis-systems CWE-78	7.5
2019-12-30	CVE-2019-20076	Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration). network low complexity netis-systems CWE-79	6.1
2019-12-30	CVE-2019-20075	Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). network low complexity netis-systems CWE-79	6.1
2019-12-30	CVE-2019-20074	Improper Privilege Management vulnerability in Netis-Systems Dl4343 Firmware On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. network low complexity netis-systems CWE-269	8.8
2019-12-30	CVE-2019-20073	Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). network low complexity netis-systems CWE-79	6.1
2019-12-30	CVE-2019-20072	Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration). network low complexity netis-systems CWE-79	6.1
2019-12-30	CVE-2019-20071	Cross-Site Request Forgery (CSRF) vulnerability in Netis-Systems Dl4343 Firmware On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs. network low complexity netis-systems CWE-352	6.5
2019-12-30	CVE-2019-20070	Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). network low complexity netis-systems CWE-79	6.1
2019-02-21	CVE-2019-8985	Missing Authentication for Critical Function vulnerability in Netis-Systems Wf2411 Firmware and Wf2880 Firmware On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. network low complexity netis-systems CWE-306 critical	9.8

Vulnerabilities > Netis Systems {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Netis Systems"}]}

Vulnerabilities > Netis Systems