Command Injection Vulnerability in NETIS SYSTEMS MW5360 Router
CVE-2024-22729

9.8CRITICAL

Key Information:

Vendor: Netis-systems
Status: Mw5360 Firmware
Vendor: CVE Published:; 25 January 2024

🔔 Create Netis-systems Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 91%

What is CVE-2024-22729?

The NETIS SYSTEMS MW5360 router has been identified as having a command injection vulnerability that can be exploited via the password parameter on its login page. This security flaw allows attackers to execute arbitrary commands on the device, potentially compromising its integrity and security. Users of version V1.0.1.3031 should be particularly cautious and apply any available mitigations or updates to ensure their network devices remain secure.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2024-22729
Created by Rapid7

References

https://github.com/adhikara13/CVE/blob/main/netis_MW5360/...

EPSS Score

91% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 19, 2024
👾
Exploit known to exist
May 19, 2024
Vulnerability published
Jan 25, 2024
Vulnerability Reserved
Jan 11, 2024

JSON