Remote Information Disclosure on Netis Wifi Routers
CVE-2024-48455

2.7LOW

Key Information:

Vendor: Netis
Status: Wifi Routers
Vendor: CVE Published:; 6 January 2025

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 63%

What is CVE-2024-48455?

A vulnerability has been identified in select Netis Wifi routers that allows a remote attacker to exploit specific parameters within the skk_get.cgi component. This exploitation could potentially lead to the exposure of sensitive information, posing a risk to the security of affected devices.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2024-48455
Created by Rapid7

References

https://github.com/users/h00die-gr3y/projects/1/views/1

EPSS Score

63% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

2.7

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2025
🟡
Public PoC available
Dec 27, 2024
👾
Exploit known to exist
Dec 27, 2024

CVE-2024-48455 Data

JSON