Remote Information Disclosure in Netis Wifi Routers
CVE-2024-48457

Currently unrated

Key Information:

Vendor: Netis
Status: Wifi Routers
Vendor: CVE Published:; 6 January 2025

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 57%

What is CVE-2024-48457?

A security flaw in multiple models of Netis Wifi Routers enables remote attackers to exploit the devices via specific endpoints, gaining unauthorized access to sensitive information. This vulnerability affects various versions and models, including the Wifi6 Router NX10 and Wifi 11AC Router series. Attackers may exploit the /cgi-bin/skk_set.cgi endpoint and the binary /bin/scripts/start_wifi.sh, allowing them to retrieve confidential data without proper authorization. Users are advised to review the security protocols of their devices and apply any available updates.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Metasploit exploit module for CVE-2024-48457
Created by Rapid7

References

https://github.com/users/h00die-gr3y/projects/1/views/1

EPSS Score

57% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 6, 2025
🟡
Public PoC available
Dec 27, 2024
👾
Exploit known to exist
Dec 27, 2024