CRITICAL🇵🇱 Wersja polska

CVE-2024-22729

CVSS 9.8v3.1pub. 2024-01-25upd. 2025-06-04

NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.

🤖 AI Analysis
How it works

The vulnerability results from the lack of proper validation and sanitization of input data passed in the password parameter on the device's login page. An attacker can inject malicious system commands directly into this field, which are then executed by the device with the privileges of the process handling the login. The attack requires no authentication or user interaction, and the network vector means it can be performed remotely.

Impact

An attacker can remotely execute arbitrary system commands on the vulnerable device, leading to full takeover of the router, loss of confidentiality and integrity of data, and potential disruption of its operation.

Mitigation & patch

Patches available from the manufacturer should be applied in accordance with the references. Until the update is implemented, it is recommended to restrict access to the device's administrative interface solely to trusted local networks and block access from the WAN.

Who is affected

NETIS SYSTEMS MW5360 Firmware version V1.0.1.3031

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netis Systems Mw5360

    HW
    Netis-Systems
    wszystkie wersje
  • Netis Systems Mw5360 Firmware

    OS
    Netis-Systems
    1.0.1.3031
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-33792CRITICAL9.8PL ✓ten sam vendor

Command Injection w Netis-Systems MEX605 — zdalne wykonanie poleceń OS

CVE-2024-25850CRITICAL9.8PL ✓ten sam vendor

Command injection w Netis WF2780 przez parametr wps_ap_ssid5g

CVE-2023-45465CRITICAL9.8ten sam vendor

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ddnsDomainName para...

CVE-2023-45466CRITICAL9.8ten sam vendor

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the pin_host parameter ...

CVE-2023-45467CRITICAL9.8ten sam vendor

Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the ntpServIP parameter...