VYPR
Vendor

Netis

Products
27
CVEs
65
Across products
73
Status
Private

Products

27

Recent CVEs

65
View all 65 CVEs →
  • CVE-2024-22729CriJan 25, 2024
    risk 0.72cvss 9.8epss 0.71

    NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.

  • CVE-2025-34117CriJul 16, 2025
    risk 0.65cvss epss 0.23

    A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated…

  • CVE-2024-25850CriFeb 22, 2024
    risk 0.65cvss 9.8epss 0.19

    Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter

  • CVE-2019-8985CriFeb 21, 2019
    risk 0.65cvss 9.8epss 0.13

    On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability…

  • CVE-2024-33792CriMay 3, 2024
    risk 0.64cvss 9.8epss 0.01

    netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.

  • CVE-2023-45467CriOct 13, 2023
    risk 0.64cvss 9.8epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.

  • CVE-2023-45466CriOct 13, 2023
    risk 0.64cvss 9.8epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.

  • CVE-2023-45465CriOct 13, 2023
    risk 0.64cvss 9.8epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.

  • CVE-2023-43893CriOct 2, 2023
    risk 0.64cvss 9.8epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.

  • CVE-2023-43892CriOct 2, 2023
    risk 0.64cvss 9.8epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.

  • CVE-2023-43891CriOct 2, 2023
    risk 0.64cvss 9.8epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.

  • CVE-2023-43134CriSep 20, 2023
    risk 0.64cvss 9.8epss 0.01

    There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.

  • CVE-2023-42336CriSep 16, 2023
    risk 0.64cvss 9.8epss 0.01

    An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.

  • CVE-2019-19356HigKEVFeb 7, 2020
    risk 0.63cvss 7.5epss 0.28

    Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands…

  • CVE-2018-25125HigNov 14, 2025
    risk 0.57cvss epss 0.00

    Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. After logging in to the FTP service, sending an FTP command such as ABOR with an excessively…

  • CVE-2023-43890HigOct 2, 2023
    risk 0.57cvss 8.8epss 0.03

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.

  • CVE-2023-38829HigSep 11, 2023
    risk 0.57cvss 8.8epss 0.02

    An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.

  • CVE-2020-8946HigFeb 12, 2020
    risk 0.57cvss 8.8epss 0.02

    Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter.

  • CVE-2019-20074HigDec 30, 2019
    risk 0.57cvss 8.8epss 0.01

    On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.

  • CVE-2018-6391HigJan 29, 2018
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.