Command Injection Vulnerability in Netis N3Mv2 Hardware
CVE-2023-43891

9.8CRITICAL

Key Information:

Vendor

Netis-systems

Status
N3m Firmware
Vendor
CVE Published:
2 October 2023

Badges

đź“° News Worthy

What is CVE-2023-43891?

The Netis N3Mv2 device version V1.0.1.865 exhibits a command injection vulnerability within its functionality for changing usernames and passwords. An attacker can exploit this vulnerability by sending a specially crafted payload, compromising the integrity of the device and potentially enabling unauthorized access. This poses a significant security risk, emphasizing the need for timely updates and vigilant monitoring of device configurations.

News Articles

favicon imageVulmon

CVE-2023-43891 Netis N3Mv2-V1.0.1.865 exists to contain a comm...

Netis N3Mv2-V1.0.1.865 exists to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a

References

https://github.com/adhikara13/CVE/blob/main/netis_N3/comm...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • đź“°

    First article discovered by Vulmon

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2023-43891 : Command Injection Vulnerability in Netis N3Mv2 Hardware