Netis
Products
27- 11 CVEs
- 11 CVEs
- 7 CVEs
- 6 CVEs
- 4 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
- 0 CVEs
- 0 CVEs
Recent CVEs
65| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-22729 | Cri | 0.72 | 9.8 | 0.71 | Jan 25, 2024 | NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | ||
| CVE-2025-34117 | Cri | 0.65 | — | 0.23 | Jul 16, 2025 | A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated… | ||
| CVE-2024-25850 | Cri | 0.65 | 9.8 | 0.19 | Feb 22, 2024 | Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter | ||
| CVE-2019-8985 | Cri | 0.65 | 9.8 | 0.13 | Feb 21, 2019 | On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability… | ||
| CVE-2024-33792 | Cri | 0.64 | 9.8 | 0.01 | May 3, 2024 | netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | ||
| CVE-2023-45467 | Cri | 0.64 | 9.8 | 0.02 | Oct 13, 2023 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. | ||
| CVE-2023-45466 | Cri | 0.64 | 9.8 | 0.02 | Oct 13, 2023 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | ||
| CVE-2023-45465 | Cri | 0.64 | 9.8 | 0.02 | Oct 13, 2023 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | ||
| CVE-2023-43893 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2023 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | ||
| CVE-2023-43892 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2023 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. | ||
| CVE-2023-43891 | Cri | 0.64 | 9.8 | 0.02 | Oct 2, 2023 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | ||
| CVE-2023-43134 | Cri | 0.64 | 9.8 | 0.01 | Sep 20, 2023 | There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | ||
| CVE-2023-42336 | Cri | 0.64 | 9.8 | 0.01 | Sep 16, 2023 | An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. | ||
| CVE-2019-19356 | Hig | 0.63 | 7.5 | 0.28 | KEV | Feb 7, 2020 | Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands… | |
| CVE-2018-25125 | Hig | 0.57 | — | 0.00 | Nov 14, 2025 | Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. After logging in to the FTP service, sending an FTP command such as ABOR with an excessively… | ||
| CVE-2023-43890 | Hig | 0.57 | 8.8 | 0.03 | Oct 2, 2023 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. | ||
| CVE-2023-38829 | Hig | 0.57 | 8.8 | 0.02 | Sep 11, 2023 | An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | ||
| CVE-2020-8946 | Hig | 0.57 | 8.8 | 0.02 | Feb 12, 2020 | Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter. | ||
| CVE-2019-20074 | Hig | 0.57 | 8.8 | 0.01 | Dec 30, 2019 | On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page. | ||
| CVE-2018-6391 | Hig | 0.57 | 8.8 | 0.01 | Jan 29, 2018 | A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. |
- risk 0.72cvss 9.8epss 0.71
NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.
- risk 0.65cvss —epss 0.23
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated…
- risk 0.65cvss 9.8epss 0.19
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter
- risk 0.65cvss 9.8epss 0.13
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability…
- risk 0.64cvss 9.8epss 0.01
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.
- risk 0.64cvss 9.8epss 0.02
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.
- risk 0.64cvss 9.8epss 0.02
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.
- risk 0.64cvss 9.8epss 0.02
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.
- risk 0.64cvss 9.8epss 0.02
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.
- risk 0.64cvss 9.8epss 0.02
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.
- risk 0.64cvss 9.8epss 0.02
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.
- risk 0.64cvss 9.8epss 0.01
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management.
- risk 0.64cvss 9.8epss 0.01
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.
- risk 0.63cvss 7.5epss 0.28
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands…
- risk 0.57cvss —epss 0.00
Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. After logging in to the FTP service, sending an FTP command such as ABOR with an excessively…
- risk 0.57cvss 8.8epss 0.03
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.
- risk 0.57cvss 8.8epss 0.02
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.
- risk 0.57cvss 8.8epss 0.02
Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via shell metacharacters in the /cgi-bin-igd/sys_log_clean.cgi log_3g_type parameter.
- risk 0.57cvss 8.8epss 0.01
On Netis DL4323 devices, any user role can view sensitive information, such as a user password or the FTP password, via the form2saveConf.cgi page.
- risk 0.57cvss 8.8epss 0.01
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.