
Netis N3Mv2-V1.0.1.865 Router Blind Command Injection in Hostname Parameter in WAN Settings

Description

A critical vulnerability has been identified in the Netis N3Mv2-V1.0.1.865 router firmware: the "Hostname" parameter in the WAN settings is susceptible to blind command injection. An attacker can inject arbitrary OS commands through this parameter, potentially leading to unauthorized access or other malicious actions on the router.

Router

Firmware Information

Affected Version

  • Version: Netis N3Mv2-V1.0.1.865

Vulnerability Details

The flaw lies in how the firmware handles the "Hostname" parameter in the WAN settings. Crafted input in the "Hostname" field leads to blind command injection, which allows an attacker to execute arbitrary OS commands on the router.
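As a defensive counterpart to the issue described above, the following added example (not part of the original advisory and not Netis code) shows an allow-list check a settings handler could apply to the "Hostname" value before using it anywhere. The function name `hostname_is_valid` and the choice of RFC 1123 hostname syntax as the accepted format are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

#define HOSTNAME_MAX 253  /* RFC 1123 limit on the whole name */
#define LABEL_MAX     63  /* RFC 1123 limit on each dot-separated label */

/* Hypothetical helper: returns 1 if `s` is a syntactically valid
 * RFC 1123 hostname, 0 otherwise.
 * Allow-list only: ASCII letters, digits, '-' inside a label, and '.'
 * between labels. Shell metacharacters, whitespace, quotes and control
 * bytes are rejected because they are simply not on the list. */
int hostname_is_valid(const char *s)
{
    size_t len, i, label_len = 0;

    if (s == NULL)
        return 0;
    len = strlen(s);
    if (len == 0 || len > HOSTNAME_MAX)
        return 0;

    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)s[i];

        if (c == '.') {
            /* reject an empty label or a label that ends in '-' */
            if (label_len == 0 || s[i - 1] == '-')
                return 0;
            label_len = 0;
            continue;
        }
        if (c == '-') {
            if (label_len == 0)      /* a label may not start with '-' */
                return 0;
        } else if (!(c < 128 && isalnum(c))) {
            return 0;                /* anything else is refused */
        }
        if (++label_len > LABEL_MAX)
            return 0;
    }
    /* the final label must be non-empty and must not end in '-' */
    return label_len > 0 && s[len - 1] != '-';
}
```

Validation of this kind is one layer; passing the value as a separate argument to an `exec`-style call, rather than building a shell command string, removes the shell from the path entirely.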

POC Video

Watch the video