Summary: A recent report has uncovered critical vulnerabilities in Netis routers and their rebranded versions, allowing for potential unauthenticated remote code execution. These vulnerabilities could lead to significant exploitation risks for thousands of devices.
Threat Actor: Unknown | unknown
Victim: Netis routers | Netis routers
Key Point :
- Three vulnerabilities tracked as CVE-2024-48455, CVE-2024-48456, and CVE-2024-48457 allow for unauthenticated remote code execution.
- CVE-2024-48455 enables information disclosure of sensitive configuration data.
- CVE-2024-48456 allows command injection via the password change functionality, leading to remote shell access.
- CVE-2024-48457 permits authentication bypass, enabling attackers to reset router and WiFi passwords.
- Attackers can chain these vulnerabilities to gain full control over affected routers.
- No official patches have been released by Netis or its partners to address these issues.