Arbitrary Code Execution Vulnerability in NETIS SYSTEMS WF2409Ev4 Router
CVE-2023-42336

9.8CRITICAL

Key Information:

Vendor: Netis-systems
Status: Wf2409e Firmware
Vendor: CVE Published:; 16 September 2023

What is CVE-2023-42336?

A vulnerability has been identified in the NETIS SYSTEMS WF2409Ev4 router, allowing remote attackers to execute arbitrary code through manipulation of the password parameter in the /etc/shadow.sample component. This exploitation can lead to unauthorized access and exposure of sensitive information within the device. Users are strongly advised to apply the necessary patches or upgrades to mitigate the risks associated with this vulnerability.

References

https://github.com/adhikara13/CVE/blob/main/netis_WF2409E...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Sep 16, 2023
Vulnerability Reserved
Sep 8, 2023

Netis-systems

What is CVE-2023-42336?

References

CVSS V3.1

Timeline