virus logo Intrusion Prevention

Netis.WF2419.Devices.Remote.Command.Execution

description-logoDescription

This indicates an attack attempt to exploit a Command Execution vulnerability in Netis WF2419.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a crafted HTTP request. A remote attacker may be able to exploit this to execute arbitrary code within the context of the application, via a crafted HTTP request.

affected-products-logoAffected Products

Netis WF2419 firmware version V1.2.31805 and V2.2.36123.

Impact logoImpact

System Compromise: Remote attackers can execute arbitrary code on vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2024-07-23 28.831
Modified
 Name:Netis.
WF2419.
Router.
Remote.
Command.
Execution:Netis.
WF2419.
Devices.
Remote.
Command.
Execution
2020-11-16 16.962
Modified
 Default_action:pass:drop
2020-10-21 16.947
New
ID 49528
Created Oct 08, 2020
Updated Sep 06, 2024
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 91.09%
Default Action drop
Active
Affected OS Other
Affected App CGI_app
Profile Type OS Command Injection