Command Injection Vulnerability in Netis N3Mv2 by Netis
CVE-2023-45467

9.8CRITICAL

Key Information:

Vendor: Netis-systems
Status: N3m Firmware
Vendor: CVE Published:; 13 October 2023

🔔 Create Netis-systems Vulnerability Alert

What is CVE-2023-45467?

The Netis N3Mv2 router is susceptible to a command injection vulnerability through the ntpServIP parameter found in the Time Settings. An attacker could exploit this flaw to execute arbitrary commands on the device, potentially compromising network integrity and security. Users of the affected version should take immediate precautions to safeguard their systems.

References

https://github.com/adhikara13/CVE/blob/main/netis_N3/blin...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 13, 2023
Vulnerability Reserved
Oct 9, 2023