Vulnerability Description
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware versions V1.2.31805 and V2.2.36123. Once connected to this page, a user can execute system commands as root through the tracert diagnostic tool because user input is not sanitized.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Netis-Systems | Wf2419 Firmware | 1.2.31805 |
| Netis-Systems | Wf2419 | - |
References
- http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-E (Exploit, Third Party Advisory, VDB Entry)
- https://github.com/shadowgatt/CVE-2019-19356 (Exploit, Third Party Advisory)
- https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-201 (Exploit, Third Party Advisory)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019- (US Government Resource)
FAQ
What is CVE-2019-19356?
CVE-2019-19356 is a vulnerability with a CVSS score of 7.5 (HIGH). Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. ...
How severe is CVE-2019-19356?
CVE-2019-19356 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-19356?
Check the references section above for vendor advisories and patch information. Affected products include: Netis-Systems Wf2419 Firmware, Netis-Systems Wf2419.