CVE-2023-45465

Vulnerability

The Netis N3Mv2 router firmware version V1.0.1.865 is vulnerable to a blind OS command injection in the ddnsDomainName parameter within the Dynamic DNS (DDNS) settings page. The parameter is not properly sanitized before being used in a system command, allowing injection of arbitrary commands. [1]

Exploitation

An attacker can exploit this vulnerability by sending a crafted HTTP request to the router's web interface, specifically targeting the DDNS configuration endpoint with a malicious ddnsDomainName value. The injection is blind, meaning the attacker does not receive direct output but can infer command execution through side effects (e.g., time delays or out-of-band interactions). No authentication is explicitly required in the disclosure, but typical router interfaces require administrative credentials to access the DDNS settings. [1]

Impact

Successful exploitation allows an attacker to execute arbitrary OS commands on the router with root privileges, leading to full compromise of the device. This can result in unauthorized access, data exfiltration, and use of the router as a pivot point for further network attacks. [1]

Mitigation

As of the publication date (2023-10-13), no official patch or firmware update has been released by Netis to address this vulnerability. Users are advised to monitor the vendor's support page for updates. If the device is no longer supported, consider replacing it with a patched or more secure alternative. [1]