VYPR

Vendor CVEs

Netis

All CVEs

65 total · sorted by risk
  • CVE-2024-48456HigJan 6, 2025
    risk 0.58cvss 7.5epss 0.17

    An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and…

  • CVE-2018-25125HigNov 14, 2025
    risk 0.57cvss epss 0.00

    Netis ADSL Router DL4322D firmware RTK 2.1.1 contains a buffer overflow vulnerability in the embedded FTP service that allows an authenticated remote user to trigger a denial of service. After logging in to the FTP service, sending an FTP command such as ABOR with an excessively…

  • CVE-2024-48457HigJan 6, 2025
    risk 0.57cvss 7.5epss 0.03

    An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and…

  • CVE-2018-6391HigJan 29, 2018
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.

  • CVE-2020-37093HigFeb 3, 2026
    risk 0.49cvss 7.5epss 0.00

    Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID…

  • CVE-2020-37092HigFeb 3, 2026
    risk 0.49cvss 7.5epss 0.00

    Netis E1+ version 1.2.32533 contains a hardcoded root account vulnerability that allows unauthenticated attackers to access the device with predefined credentials. Attackers can leverage the embedded root account with a crackable password to gain full administrative access to…

  • CVE-2026-36540HigMay 27, 2026
    risk 0.48cvss 7.3epss 0.01

    Netis AC1200 Router NC21 V4.0.1.4296 is vulnerable to unauthenticated command injection via the /cgi-bin/skk_set.cgi endpoint. The password and new_pwd_confirm POST parameters are passed directly to the underlying OS shell without sanitization. An attacker can inject arbitrary…

  • CVE-2026-36539HigMay 27, 2026
    risk 0.47cvss 7.3epss 0.00

    Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk_get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator…

  • CVE-2026-36538HigMay 27, 2026
    risk 0.47cvss 7.3epss 0.00

    Netis AC1200 Router NC21 V4.0.1.4296 contains a hard-coded root credential stored in /etc/shadow.sample. The password for the root account is set to the trivially weak value root, allowing an attacker with access to the device to authenticate as root and gain full control of the…

  • CVE-2018-6190MedJan 24, 2018
    risk 0.38cvss 5.4epss 0.02

    Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.

  • CVE-2018-5967MedJan 25, 2018
    risk 0.35cvss 5.4epss 0.01

    Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page.

  • CVE-2024-48455LowJan 6, 2025
    risk 0.26cvss 2.7epss 0.06

    An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and…

  • CVE-2019-19356KEVFeb 7, 2020
    risk 0.19cvss epss 0.28

    Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands…

  • CVE-2025-9119LowAug 18, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting. Remote…

  • CVE-2025-1617LowFeb 24, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads to cross site scripting. It is possible to initiate the attack remotely. The…

  • CVE-2025-2922LowMar 28, 2025
    risk 0.13cvss 2.0epss 0.00

    A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on…

  • CVE-2025-2920LowMar 28, 2025
    risk 0.13cvss 2.0epss 0.00

    A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. The complexity of…

  • CVE-2024-22729Jan 25, 2024
    risk 0.10cvss epss 0.71

    NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.

  • CVE-2019-8985Feb 21, 2019
    risk 0.05cvss epss 0.13

    On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability…

  • CVE-2021-26747Feb 18, 2021
    risk 0.02cvss epss 0.54

    Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.

  • CVE-2024-25850Feb 22, 2024
    risk 0.01cvss epss 0.19

    Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter

  • CVE-2023-44860Oct 6, 2023
    risk 0.01cvss epss 0.20

    An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.

  • CVE-2023-38829Sep 11, 2023
    risk 0.01cvss epss 0.02

    An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.

  • CVE-2025-50614Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_set in the payload, which can cause the program to crash and…

  • CVE-2025-50611Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set_5g and wl_sec_rp_set_5g in the payload, which can cause the…

  • CVE-2025-50617Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wps_set in the payload, which can cause the program to crash and potentially…

  • CVE-2025-50609Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of specify_parame in the payload, which can cause the program to crash and…

  • CVE-2025-50612Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the program to crash and…

  • CVE-2025-50610Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set_5g in the payload, which can cause the program to crash and…

  • CVE-2025-50613Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the program to crash and…

  • CVE-2025-50615Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_mac_filter_set in the payload, which can cause the program to crash and…

  • CVE-2025-50608Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set in the payload, which can cause the program to crash and…

  • CVE-2025-50635Aug 13, 2025
    risk 0.00cvss epss 0.00

    A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash…

  • CVE-2025-50616Aug 13, 2025
    risk 0.00cvss epss 0.00

    A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_advanced_set in the payload, which can cause the program to crash and lead…

  • CVE-2025-45835May 12, 2025
    risk 0.00cvss epss 0.00

    A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the…

  • CVE-2025-2921Mar 28, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of default password. It is possible to launch the attack on the physical device. The…

  • CVE-2025-2919Mar 28, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on…

  • CVE-2024-33793May 3, 2024
    risk 0.00cvss epss 0.00

    netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page.

  • CVE-2024-33792May 3, 2024
    risk 0.00cvss epss 0.01

    netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.

  • CVE-2024-33791May 3, 2024
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function.

  • CVE-2024-25851Feb 22, 2024
    risk 0.00cvss epss 0.02

    Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi.

  • CVE-2023-45465Oct 13, 2023
    risk 0.00cvss epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings.

  • CVE-2023-45467Oct 13, 2023
    risk 0.00cvss epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings.

  • CVE-2023-45466Oct 13, 2023
    risk 0.00cvss epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings.

  • CVE-2023-45463Oct 13, 2023
    risk 0.00cvss epss 0.01

    Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2023-45468Oct 13, 2023
    risk 0.00cvss epss 0.01

    Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2023-45464Oct 13, 2023
    risk 0.00cvss epss 0.01

    Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.

  • CVE-2023-43893Oct 2, 2023
    risk 0.00cvss epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.

  • CVE-2023-43892Oct 2, 2023
    risk 0.00cvss epss 0.02

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.

  • CVE-2023-43890Oct 2, 2023
    risk 0.00cvss epss 0.03

    Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.

Page 1 of 2