CVE-2023-43893

Vulnerability

The Netis N3Mv2 router firmware version V1.0.1.865 contains a blind command injection vulnerability in the Wake-On-LAN (WoL) functionality. The flaw resides in the handling of the wakeup_mac parameter used for initiating WoL requests. An attacker can inject arbitrary OS commands via this parameter without any authentication requirement [1].

Exploitation

An attacker can craft a malicious payload in the wakeup_mac parameter of the WoL request, which is then processed by the router's firmware without proper sanitization. The attack requires network access to the router, but no prior authentication is needed. The command injection is blind, meaning the attacker does not receive direct output, but can execute commands that affect the router's behavior [1].

Impact

Successful exploitation allows an attacker to execute arbitrary OS commands on the router, potentially leading to full compromise of the device, unauthorized access to internal networks, data exfiltration, or further attacks against other devices [1].

Mitigation

As of the available references [1], no fixed version has been released by Netis for this vulnerability. Users should monitor vendor advisories for a firmware update. A potential workaround includes disabling the Wake-On-LAN feature if not required until a patch is applied [1].