Adhikara13

**Name of the Vulnerable Software and Affected Versions** Netis N3Mv2 version 1.0.1.865 **Description** The issue is a buffer overflow that can be triggered via the `pingWdogIp`. This allows attackers to cause a Denial of Service (DoS) by providing a crafted input. **Recommendations** For version 1.0.1.865, consider restricting access to the `pingWdogIp` to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netis N3Mv2 version 1.0.1.865 **Description** A command injection issue was discovered via the `ddnsDomainName` parameter in the Dynamic DNS settings. This allows for potential exploitation. No information is provided about the estimated number of affected devices or real-world incidents. **Recommendations** For Netis N3Mv2 version 1.0.1.865, consider restricting access to the Dynamic DNS settings to minimize the risk of exploitation. Avoid using the `ddnsDomainName` parameter in the affected settings until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netis N3Mv2 version 1.0.1.865 **Description** The issue is related to a command injection vulnerability in the Changing Username and Password function. This vulnerability can be exploited via a crafted payload. **Recommendations** For Netis N3Mv2 version 1.0.1.865, consider disabling the Changing Username and Password function until a patch is available. Restrict access to this function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netis N3Mv2 version 1.0.1.865 **Description** A command injection issue was discovered in the Wake-On-LAN (WoL) function via the `wakeup mac` parameter. This issue can be exploited using a crafted payload. **Recommendations** For Netis N3Mv2 version 1.0.1.865, consider disabling the Wake-On-LAN (WoL) function until a patch is available to prevent exploitation via the `wakeup mac` parameter.

**Name of the Vulnerable Software and Affected Versions** Netis N3Mv2 version 1.0.1.865 **Description** The issue is related to a command injection vulnerability. This vulnerability can be exploited via a crafted payload, specifically through the `Hostname` parameter within the WAN settings. **Recommendations** For Netis N3Mv2 version 1.0.1.865, consider restricting access to the WAN settings to minimize the risk of exploitation. Avoid using the `Hostname` parameter in the WAN settings until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netis N3Mv2 version 1.0.1.865 **Description** A command injection issue was discovered in the diagnostic tools page of the affected software. This issue can be exploited through a crafted HTTP request. **Recommendations** For version 1.0.1.865, consider restricting access to the diagnostic tools page until a patch is available. As a temporary workaround, avoid using the diagnostic tools page to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** NETIS SYSTEMS WF2409E version 3.6.42541 **Description** An issue in the diagnostic tools component of the admin management interface allows a remote attacker to execute arbitrary code via the `ping` and `traceroute` functions. **Recommendations** For NETIS SYSTEMS WF2409E version 3.6.42541, consider disabling the diagnostic tools component in the admin management interface until a patch is available. Restrict access to the `ping` and `traceroute` functions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.