PT-2021-17120 · Netis · Netis Wf2780+1

Published

2021-02-18

Updated

2021-02-24

CVE-2021-26747

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Netis WF2780 version 2.3.40404 Netis WF2411 version 1.1.29629

Description The issue allows Shell Metacharacter Injection into the ping command, leading to remote code execution.

Recommendations For Netis WF2780 version 2.3.40404, consider disabling the ping command functionality until a patch is available. For Netis WF2411 version 1.1.29629, consider disabling the ping command functionality until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-26747

Affected Products

Netis Wf2411

Netis Wf2780

PT-2021-17120 · Netis · Netis Wf2780+1

CVE-2021-26747

Weakness Enumeration

Related Identifiers

Affected Products

References · 6