CVE-2025-34117 - Vulnerability Details

- Netcore / Netis Routers RCE via UDP Port 53413 Backdoor

Description

A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.

Published: 2025-07-16

Score: 9.3 Critical

EPSS: 60.7% High

KEV: No

Impact:

Action:

Analysis

Impact

A backdoor listener on UDP port 53413 allows an unauthenticated remote attacker to execute arbitrary commands on affected Netcore and Netis routers. The flaw results from a hardcoded authentication mechanism; once the backdoor is reached, the device accepts shell commands. Because authentication is not required, any host that exposes UDP 53413 can be compromised. The vulnerability is classified as missing authentication (CWE‑306) and operating system command injection (CWE‑78).

Affected Systems

The issue impacts Netcore Technology router firmware and Netis router firmware released before August 2014. Exact model or firmware revision limits are not documented, but any router running the undocumented backdoor will be vulnerable.

Risk and Exploitability

With a CVSS score of 9.3, the flaw poses a critical threat to confidentiality, integrity, and availability. An EPSS score of 61 % indicates a high probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, yet its exposure and exploit likelihood demand urgent action. An attacker simply sends specially crafted UDP packets to port 53413; the hardcoded authentication and shell command interface grant immediate code execution once the packet is received.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Netcore Technology

Router firmware

affected

Version	Status	Constraints
`Prior to August 2014`	affected	—

Netis

Router firmware

affected

Version	Status	Constraints
`Prior to August 2014`	affected	—

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade router firmware to a version released after August 2014 that removes the undocumented backdoor listener.
Block inbound UDP traffic on port 53413 using the router’s firewall or an external network firewall.
Enable logging and monitor for unusual UDP traffic to port 53413, and investigate any unauthorized access attempts.

Generated by OpenCVE AI on May 12, 2026 at 14:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2025-21753	A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.60652.

Exploitation poc

Automatable yes

Technical Impact total

References

Link	Providers
https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/misc/netcore_udp_53413_backdoor.rb
https://vulners.com/metasploit/MSF:EXPLOIT-LINUX-MISC-NETCORE_UDP_53413_BACKDOOR-
https://web.archive.org/web/20140828114943/http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/
https://www.exploit-db.com/exploits/43387
https://www.seebug.org/vuldb/ssvid-90227
https://www.shadowserver.org/what-we-do/network-reporting/netcore-netis-router-vulnerability-scan-report/
https://www.vulncheck.com/advisories/netcore-netis-routers-backdoor-rce

History

Wed, 19 Nov 2025 14:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Netis-systems Netis-systems netcore Router Firmware
CPEs		cpe:2.3:o:netis-systems:netcore_router_firmware:-:::::::*
Vendors & Products		Netis-systems Netis-systems netcore Router Firmware

Thu, 17 Jul 2025 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 16 Jul 2025 21:15:00 +0000

Type	Values Removed	Values Added
Description		A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.
Title		Netcore / Netis Routers RCE via UDP Port 53413 Backdoor
Weaknesses		CWE-306 CWE-78 CWE-912
References		https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/misc/netcore_udp_53413_backdoor.rb https://vulners.com/metasploit/MSF:EXPLOIT-LINUX-MISC-NETCORE_UDP_53413_BACKDOOR- https://web.archive.org/web/20140828114943/http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/ https://www.exploit-db.com/exploits/43387 https://www.seebug.org/vuldb/ssvid-90227 https://www.shadowserver.org/what-we-do/network-reporting/netcore-netis-router-vulnerability-scan-report/ https://www.vulncheck.com/advisories/netcore-netis-routers-backdoor-rce
Metrics		cvssV4_0 `{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}`

Subscriptions

Netis-systems Netcore Router Firmware

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published: 2025-07-16T21:02:57.281Z

Updated: 2026-04-07T14:09:41.425Z

Reserved: 2025-04-15T19:15:22.561Z

Link: CVE-2025-34117

Vulnrichment

Updated: 2025-07-17T18:39:18.893Z

NVD

Status : Deferred

Published: 2025-07-16T21:15:26.550

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-34117

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T14:45:17Z

Weaknesses

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction None

Vulnerable System Confidentiality Impact High

Vulnerable System Integrity Impact High

Vulnerable System Availability Impact High

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Exploitation poc

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object