CVE-2019-19356

CVSS 7.5 HIGH · EPSS 28.0% · KEV · CWE-78

In short

A Netis WF2419 router allows attackers with access to the web management page to run dangerous system commands as the administrator (root) through the tracert tool. This happens because the router doesn't properly check what users type, letting attackers execute any command they want.

Technical detail

CVE-2019-19356 is an authenticated command injection vulnerability in Netis WF2419 routers (firmware V1.2.31805 and V2.2.36123) affecting the tracert diagnostic functionality in the web management interface. The vulnerability stems from insufficient input sanitization, allowing an authenticated attacker to inject arbitrary system commands executed with root privileges. Impact includes complete compromise of router integrity and potential lateral movement to connected networks.

Summary generated and translated by AI from the official description.
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
