Skip to main content

Wf2411 Firmware

2 CVEs product

Monthly

CVE-2021-26747 CRITICAL POC THREAT Act Now

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wf2780 Firmware Wf2411 Firmware
NVD GitHub
CVSS 3.1
9.8
EPSS
53.6%
CVE-2019-8985 CRITICAL POC THREAT Act Now

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buffer Overflow Denial Of Service RCE Wf2411 Firmware +1
NVD GitHub
CVSS 3.0
9.8
EPSS
13.3%
EPSS 54% CVSS 9.8
CRITICAL POC THREAT Act Now

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Command Injection Wf2780 Firmware +1
NVD GitHub
EPSS 13% CVSS 9.8
CRITICAL POC THREAT Act Now

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Buffer Overflow Denial Of Service +3
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy