Vulnerabilities > Netis Systems

DATE CVE VULNERABILITY TITLE RISK
2020-02-07 CVE-2019-19356 OS Command Injection vulnerability in Netis-Systems Wf2419 Firmware 1.2.31805/2.2.36123
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page.
network
high complexity
netis-systems CWE-78
7.5
2019-12-30 CVE-2019-20076 Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi username parameter (DynDns settings of the Dynamic DNS Configuration).
network
low complexity
netis-systems CWE-79
6.1
2019-12-30 CVE-2019-20075 Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic).
network
low complexity
netis-systems CWE-79
6.1
2019-12-30 CVE-2019-20074 Improper Privilege Management vulnerability in Netis-Systems Dl4343 Firmware
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
network
low complexity
netis-systems CWE-269
8.8
2019-12-30 CVE-2019-20073 Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration).
network
low complexity
netis-systems CWE-79
6.1
2019-12-30 CVE-2019-20072 Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware
On Netis DL4323 devices, XSS exists via the form2Ddns.cgi hostname parameter (Dynamic DNS Configuration).
network
low complexity
netis-systems CWE-79
6.1
2019-12-30 CVE-2019-20071 Cross-Site Request Forgery (CSRF) vulnerability in Netis-Systems Dl4343 Firmware
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs.
network
low complexity
netis-systems CWE-352
6.5
2019-12-30 CVE-2019-20070 Cross-site Scripting vulnerability in Netis-Systems Dl4343 Firmware
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration).
network
low complexity
netis-systems CWE-79
6.1
2019-02-21 CVE-2019-8985 Missing Authentication for Critical Function vulnerability in Netis-Systems Wf2411 Firmware and Wf2880 Firmware
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication.
network
low complexity
netis-systems CWE-306
critical
9.8
2018-01-29 CVE-2018-6391 Cross-Site Request Forgery (CSRF) vulnerability in Netis-Systems Wf2419 Firmware 2.2.36123
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices.
network
low complexity
netis-systems CWE-352
8.8