← Volver a CVEs
CVE-2019-19356
HIGHCISA KEV7.5
Descripcion
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.
Detalles CVE
Puntuacion CVSS v3.17.5
SeveridadHIGH
Vector CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadHIGH
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado2/7/2020
Ultima modificacion11/7/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorNetis
ProductoWF2419 Devices
Nombre vulnerabilidadNetis WF2419 Devices Remote Code Execution Vulnerability
Fecha inclusion KEV2021-11-03
Fecha limite remediacion2022-05-03
Uso en ransomwareUnknown
Productos afectados
netis-systems:wf2419netis-systems:wf2419_firmware
Debilidades (CWE)
CWE-78CWE-78
Referencias
http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html(cve@mitre.org)
https://github.com/shadowgatt/CVE-2019-19356(cve@mitre.org)
https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356(cve@mitre.org)
http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/shadowgatt/CVE-2019-19356(af854a3a-2127-422b-91ae-364da2661108)
https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19356(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.