← Back to CVEs
CVE-2019-19356
HIGHCISA KEV7.5
Description
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.
CVE Details
CVSS v3.1 Score7.5
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityHIGH
Privileges RequiredLOW
User InteractionNONE
Published2/7/2020
Last Modified11/7/2025
Sourcekev
Honeypot Sightings0
CISA KEV
VendorNetis
ProductWF2419 Devices
Vulnerability NameNetis WF2419 Devices Remote Code Execution Vulnerability
KEV Date Added2021-11-03
Remediation Due Date2022-05-03
Ransomware UseUnknown
Affected Products
netis-systems:wf2419netis-systems:wf2419_firmware
Weaknesses (CWE)
CWE-78CWE-78
References
http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html(cve@mitre.org)
https://github.com/shadowgatt/CVE-2019-19356(cve@mitre.org)
https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356(cve@mitre.org)
http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/shadowgatt/CVE-2019-19356(af854a3a-2127-422b-91ae-364da2661108)
https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19356(134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.