Command Injection Vulnerability in Netis N3Mv2 by Netis
CVE-2023-43890

8.8HIGH

Key Information:

Vendor: Netis-systems
Status: N3m Firmware
Vendor: CVE Published:; 2 October 2023

What is CVE-2023-43890?

The Netis N3Mv2-V1.0.1.865 has a command injection vulnerability present in its diagnostic tools page. This security flaw allows an attacker to execute arbitrary commands on the device by sending specifically crafted HTTP requests, potentially compromising network security and device integrity.

References

https://github.com/adhikara13/CVE/blob/main/netis_N3/comm...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 2, 2023
Vulnerability Reserved
Sep 25, 2023

Netis-systems

What is CVE-2023-43890?

References

CVSS V3.1

Timeline