Command Injection Vulnerability in Netis N3Mv2 Router
CVE-2023-45465

9.8CRITICAL

Key Information:

Vendor: Netis-systems
Status: N3m Firmware
Vendor: CVE Published:; 13 October 2023

🔔 Create Netis-systems Vulnerability Alert

What is CVE-2023-45465?

A command injection vulnerability has been identified in the Netis N3Mv2 routers, specifically through the 'ddnsDomainName' parameter within the Dynamic DNS settings. This flaw allows attackers to execute arbitrary commands on the device, potentially leading to unauthorized actions and compromising the router's integrity. Users are advised to review and implement recommended security measures to protect their devices from potential exploitation.

References

https://github.com/adhikara13/CVE/blob/main/netis_N3/blin...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2023
Vulnerability Reserved
Oct 9, 2023