PT-2023-26615 · Netis Systems · Netis Systems Wf2409E

Adhikara13

Publicado

2023-08-28

Atualizado

2023-09-13

CVE-2023-38829

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions NETIS SYSTEMS WF2409E version 3.6.42541

Description An issue in the diagnostic tools component of the admin management interface allows a remote attacker to execute arbitrary code via the ping and traceroute functions.

Recommendations For NETIS SYSTEMS WF2409E version 3.6.42541, consider disabling the diagnostic tools component in the admin management interface until a patch is available. Restrict access to the ping and traceroute functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77

Identificadores relacionados

CVE-2023-38829

Produtos afetados

Netis Systems Wf2409E

PT-2023-26615 · Netis Systems · Netis Systems Wf2409E

CVE-2023-38829

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6