CVE-2023-45466

Vulnerability

The Netis N3Mv2 router firmware version V1.0.1.865 contains a blind command injection vulnerability in the pin_host parameter within the WPS (Wi-Fi Protected Setup) settings. The parameter lacks proper input validation, enabling an attacker to inject arbitrary OS commands. This issue is documented in the advisory [1].

Exploitation

An attacker with network access to the router's web interface (typically requiring authentication or default credentials) can navigate to the WPS settings page. By crafting a malicious pin_host parameter value containing command injection payloads (e.g., using backticks or shell metacharacters), the attacker can execute arbitrary OS commands on the device. The injection is blind, meaning no direct output is returned, but commands are executed [1].

Impact

Successful exploitation allows an attacker to execute arbitrary OS commands on the router, potentially leading to full device compromise, unauthorized access to network resources, data exfiltration, or using the router as a pivot for further attacks. The attacker gains control over the router's operating system [1].

Mitigation

As of the publication date (2023-10-13), no official patch or fixed version has been released by Netis. Users should monitor the vendor's support page for updates and consider restricting access to the router's management interface (e.g., via firewall rules or disabling remote management). The vulnerability is not currently listed in CISA's Known Exploited Vulnerabilities catalog.