Arbitrary Code Execution Vulnerability in NETIS SYSTEMS WF2409Ev4 Router
CVE-2023-42336

9.8CRITICAL

Key Information:

Vendor: Netis-systems
Status: Wf2409e Firmware
Vendor: CVE Published:; 16 September 2023

🔔 Create Netis-systems Vulnerability Alert

What is CVE-2023-42336?

A vulnerability has been identified in the NETIS SYSTEMS WF2409Ev4 router, allowing remote attackers to execute arbitrary code through manipulation of the password parameter in the /etc/shadow.sample component. This exploitation can lead to unauthorized access and exposure of sensitive information within the device. Users are strongly advised to apply the necessary patches or upgrades to mitigate the risks associated with this vulnerability.

References

https://github.com/adhikara13/CVE/blob/main/netis_WF2409E...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2023
Vulnerability Reserved
Sep 8, 2023