PT-2023-29556 · Netis · Netis N3Mv2
Adhikara13
·
Publicado
2023-10-13
·
Atualizado
2023-10-19
·
CVE-2023-45465
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Netis N3Mv2 version 1.0.1.865
Description
A command injection issue was discovered via the
ddnsDomainName parameter in the Dynamic DNS settings. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents.Recommendations
For Netis N3Mv2 version 1.0.1.865, consider restricting access to the Dynamic DNS settings to minimize the risk of exploitation. Avoid using the
ddnsDomainName parameter in the affected settings until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Command Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Netis N3Mv2