Filtered by vendor Netis-systems
Subscriptions
Total
32 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-45463 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-10-15 | 7.5 High |
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the hostName parameter in the FUN_0040dabc function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2023-38829 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2024-09-26 | 8.8 High |
An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface. | ||||
CVE-2023-42336 | 1 Netis-systems | 2 Wf2409e, Wf2409e Firmware | 2024-09-25 | 9.8 Critical |
An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. | ||||
CVE-2023-43134 | 1 Netis-systems | 3 360r, 360r Firmware, 360rac1200 | 2024-09-25 | 9.8 Critical |
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | ||||
CVE-2023-43891 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-09-20 | 9.8 Critical |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | ||||
CVE-2023-43890 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-09-20 | 8.8 High |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. | ||||
CVE-2023-43893 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-09-20 | 9.8 Critical |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | ||||
CVE-2023-44860 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-09-19 | 7.5 High |
An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. | ||||
CVE-2023-45464 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-09-18 | 7.5 High |
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the servDomain parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2023-45465 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-09-18 | 9.8 Critical |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName parameter in the Dynamic DNS settings. | ||||
CVE-2023-45466 | 1 Netis-systems | 2 N3m, N3mv2 Firmware | 2024-09-18 | 9.8 Critical |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter in the WPS Settings. | ||||
CVE-2023-45467 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-09-17 | 9.8 Critical |
Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter in the Time Settings. | ||||
CVE-2023-45468 | 1 Netis-systems | 2 N3m, N3m Firmware | 2024-09-17 | 7.5 High |
Netis N3Mv2-V1.0.1.865 was discovered to contain a buffer overflow via the pingWdogIp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
CVE-2018-6391 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-09-17 | N/A |
A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. | ||||
CVE-2018-25069 | 1 Netis-systems | 2 Netcore Router, Netcore Router Firmware | 2024-08-05 | 7.3 High |
A vulnerability classified as critical has been found in Netis Netcore Router. This affects an unknown part. The manipulation leads to use of hard-coded password. It is possible to initiate the attack remotely. The identifier VDB-217593 was assigned to this vulnerability. | ||||
CVE-2018-6190 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-08-05 | N/A |
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. | ||||
CVE-2018-5967 | 1 Netis-systems | 2 Wf2419, Wf2419 Firmware | 2024-08-05 | N/A |
Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. | ||||
CVE-2019-20070 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-08-05 | 6.1 Medium |
On Netis DL4323 devices, XSS exists via the urlFQDN parameter to form2url.cgi (aka the Keyword field of the URL Blocking Configuration). | ||||
CVE-2019-20075 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-08-05 | 6.1 Medium |
On Netis DL4323 devices, pingrtt_v6.html has XSS (Ping6 Diagnostic). | ||||
CVE-2019-20073 | 1 Netis-systems | 2 Dl4343, Dl4343 Firmware | 2024-08-05 | 6.1 Medium |
On Netis DL4323 devices, XSS exists via the form2userconfig.cgi username parameter (User Account Configuration). |