Netis-Systems Wf2411 Firmware vulnerabilities
2 known vulnerabilities affecting netis-systems/wf2411_firmware.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2
Vulnerabilities
Page 1 of 1
CVE-2019-8985P2CRITICALCVSS 9.8PoCv2.1.361232019-02-21
CVE-2019-8985 [CRITICAL] CWE-306 CVE-2019-8985: On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF28
On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP "Authorization: Basic"
nvd
CVE-2021-26747P2CRITICALCVSS 9.8v1.1.296292021-02-18
CVE-2021-26747 [CRITICAL] CWE-78 CVE-2021-26747: Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the pin
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
nvd