Search criteria
6 vulnerabilities found for WF2419 by Netis
CVE-2025-9119 (GCVE-0-2025-9119)
Vulnerability from cvelistv5 – Published: 2025-08-18 20:32 – Updated: 2025-08-18 20:40
VLAI?
Title
Netis WF2419 Wireless Settings index.htm cross site scripting
Summary
A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
Fergod (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9119",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T20:40:22.687014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T20:40:32.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Wireless Settings Page"
],
"product": "WF2419",
"vendor": "Netis",
"versions": [
{
"status": "affected",
"version": "1.2.29433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fergod (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input \u003cimg/src/onerror=prompt(8)\u003e causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Netis WF2419 1.2.29433 gefunden. Dies betrifft einen unbekannten Teil der Datei /index.htm der Komponente Wireless Settings Page. Durch Beeinflussen des Arguments SSID mit der Eingabe \u003cimg/src/onerror=prompt(8)\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T20:32:05.688Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320456 | Netis WF2419 Wireless Settings index.htm cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320456"
},
{
"name": "VDB-320456 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320456"
},
{
"name": "Submit #628410 | Netis WF2419 V1.2.29433 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.628410"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-18T17:20:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "Netis WF2419 Wireless Settings index.htm cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9119",
"datePublished": "2025-08-18T20:32:05.688Z",
"dateReserved": "2025-08-18T15:15:51.402Z",
"dateUpdated": "2025-08-18T20:40:32.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-9119 (GCVE-0-2025-9119)
Vulnerability from nvd – Published: 2025-08-18 20:32 – Updated: 2025-08-18 20:40
VLAI?
Title
Netis WF2419 Wireless Settings index.htm cross site scripting
Summary
A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity ?
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Credits
Fergod (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9119",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-18T20:40:22.687014Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T20:40:32.927Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Wireless Settings Page"
],
"product": "WF2419",
"vendor": "Netis",
"versions": [
{
"status": "affected",
"version": "1.2.29433"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Fergod (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input \u003cimg/src/onerror=prompt(8)\u003e causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Netis WF2419 1.2.29433 gefunden. Dies betrifft einen unbekannten Teil der Datei /index.htm der Komponente Wireless Settings Page. Durch Beeinflussen des Arguments SSID mit der Eingabe \u003cimg/src/onerror=prompt(8)\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit wurde der \u00d6ffentlichkeit bekannt gemacht und k\u00f6nnte verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-18T20:32:05.688Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-320456 | Netis WF2419 Wireless Settings index.htm cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.320456"
},
{
"name": "VDB-320456 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.320456"
},
{
"name": "Submit #628410 | Netis WF2419 V1.2.29433 Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.628410"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-18T17:20:54.000Z",
"value": "VulDB entry last update"
}
],
"title": "Netis WF2419 Wireless Settings index.htm cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9119",
"datePublished": "2025-08-18T20:32:05.688Z",
"dateReserved": "2025-08-18T15:15:51.402Z",
"dateUpdated": "2025-08-18T20:40:32.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202002-0403
Vulnerability from variot - Updated: 2023-12-26 23:01Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. Netis WF2419 To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Netis WF2419 is a 300Mbps wireless router. The vulnerability stems from a lack of validation of user input
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202002-0403",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wf2419",
"scope": "eq",
"trust": 2.4,
"vendor": "netis",
"version": "1.2.31805"
},
{
"model": "wf2419",
"scope": "eq",
"trust": 2.4,
"vendor": "netis",
"version": "2.2.36123"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04554"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014562"
},
{
"db": "NVD",
"id": "CVE-2019-19356"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netis-systems:wf2419_firmware:1.2.31805:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:netis-systems:wf2419_firmware:2.2.36123:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netis-systems:wf2419:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19356"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Elias Issa",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-238"
}
],
"trust": 0.6
},
"cve": "CVE-2019-19356",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 8.5,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2019-014562",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2020-04554",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.8,
"id": "CVE-2019-19356",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "High",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014562",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19356",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014562",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2020-04554",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202002-238",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-19356",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04554"
},
{
"db": "VULMON",
"id": "CVE-2019-19356"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014562"
},
{
"db": "NVD",
"id": "CVE-2019-19356"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-238"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. Netis WF2419 To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. Netis WF2419 is a 300Mbps wireless router. The vulnerability stems from a lack of validation of user input",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19356"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014562"
},
{
"db": "CNVD",
"id": "CNVD-2020-04554"
},
{
"db": "VULMON",
"id": "CVE-2019-19356"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19356",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "156588",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014562",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-04554",
"trust": 0.6
},
{
"db": "CXSECURITY",
"id": "WLB-2020030011",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202002-238",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-19356",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04554"
},
{
"db": "VULMON",
"id": "CVE-2019-19356"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014562"
},
{
"db": "NVD",
"id": "CVE-2019-19356"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-238"
}
]
},
"id": "VAR-202002-0403",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04554"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04554"
}
]
},
"last_update_date": "2023-12-26T23:01:06.499000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WF2419",
"trust": 0.8,
"url": "http://www.netis-systems.com/suppory/de_details/id/1/de/44.html"
},
{
"title": "NETIS router (WF2419) RCE (CVE-2019-19356)\nContext\nPrerequisites\nVulnerability details\nExploit",
"trust": 0.1,
"url": "https://github.com/shadowgatt/cve-2019-19356 "
},
{
"title": "CVE-2019-19356\ncd CVE-2019-19356\ndocker-compose up -d",
"trust": 0.1,
"url": "https://github.com/qq1515406085/cve-2019-19356 "
},
{
"title": "Known Exploited Vulnerabilities Detector",
"trust": 0.1,
"url": "https://github.com/ostorlab/kev "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/hectorgie/poc-in-github "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/developer3000s/poc-in-github "
},
{
"title": "PoC in GitHub",
"trust": 0.1,
"url": "https://github.com/0xt11/cve-poc "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-19356"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014562"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014562"
},
{
"db": "NVD",
"id": "CVE-2019-19356"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19356"
},
{
"trust": 1.8,
"url": "https://github.com/shadowgatt/cve-2019-19356"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/156588/netis-wf2419-2.2.36123-remote-code-execution.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19356"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/issue/wlb-2020030011"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-04554"
},
{
"db": "VULMON",
"id": "CVE-2019-19356"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014562"
},
{
"db": "NVD",
"id": "CVE-2019-19356"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-238"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-04554"
},
{
"db": "VULMON",
"id": "CVE-2019-19356"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014562"
},
{
"db": "NVD",
"id": "CVE-2019-19356"
},
{
"db": "CNNVD",
"id": "CNNVD-202002-238"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04554"
},
{
"date": "2020-02-07T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19356"
},
{
"date": "2020-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014562"
},
{
"date": "2020-02-07T23:15:10.013000",
"db": "NVD",
"id": "CVE-2019-19356"
},
{
"date": "2020-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-238"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-04554"
},
{
"date": "2022-01-01T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19356"
},
{
"date": "2020-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014562"
},
{
"date": "2022-01-01T19:57:27.453000",
"db": "NVD",
"id": "CVE-2019-19356"
},
{
"date": "2022-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202002-238"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-238"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netis WF2419 In OS Command injection vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014562"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202002-238"
}
],
"trust": 0.6
}
}
VAR-201801-1313
Vulnerability from variot - Updated: 2023-12-18 13:38Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. Netis WF2419 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NetisWF2419 is a wireless router product from China Tiandan Network (NETIS). A cross-site scripting vulnerability exists in the NetisWF24193.2.41381 release that stems from a program that does not adequately filter user-submitted data. A remote attacker can use the Description field on the MACFiltering page to exploit the vulnerability to execute HTML or script code in the context of an affected website. There is a cross-site scripting vulnerability in Netis WF2419 version 3.2.41381
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1313",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wf2419",
"scope": "eq",
"trust": 2.4,
"vendor": "netis",
"version": "3.2.41381"
},
{
"model": "wf2419",
"scope": "eq",
"trust": 0.6,
"vendor": "netis",
"version": "v3.2.41381"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03057"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001594"
},
{
"db": "NVD",
"id": "CVE-2018-6190"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-908"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netis-systems:wf2419_firmware:3.2.41381:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netis-systems:wf2419:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6190"
}
]
},
"cve": "CVE-2018-6190",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-6190",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-03057",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-136222",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-6190",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6190",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-03057",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-908",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-136222",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03057"
},
{
"db": "VULHUB",
"id": "VHN-136222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001594"
},
{
"db": "NVD",
"id": "CVE-2018-6190"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-908"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. Netis WF2419 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NetisWF2419 is a wireless router product from China Tiandan Network (NETIS). A cross-site scripting vulnerability exists in the NetisWF24193.2.41381 release that stems from a program that does not adequately filter user-submitted data. A remote attacker can use the Description field on the MACFiltering page to exploit the vulnerability to execute HTML or script code in the context of an affected website. There is a cross-site scripting vulnerability in Netis WF2419 version 3.2.41381",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6190"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001594"
},
{
"db": "CNVD",
"id": "CNVD-2018-03057"
},
{
"db": "VULHUB",
"id": "VHN-136222"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-136222",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136222"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6190",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "146032",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "43981",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001594",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-908",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-03057",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136222",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03057"
},
{
"db": "VULHUB",
"id": "VHN-136222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001594"
},
{
"db": "NVD",
"id": "CVE-2018-6190"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-908"
}
]
},
"id": "VAR-201801-1313",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03057"
},
{
"db": "VULHUB",
"id": "VHN-136222"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03057"
}
]
},
"last_update_date": "2023-12-18T13:38:45.241000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WF2419",
"trust": 0.8,
"url": "http://www.netis-systems.com/suppory/de_details/id/1/de/44.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001594"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001594"
},
{
"db": "NVD",
"id": "CVE-2018-6190"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://packetstormsecurity.com/files/146032/netis-wf2419-3.2.41381-cross-site-scripting.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6190"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/43981/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6190"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03057"
},
{
"db": "VULHUB",
"id": "VHN-136222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001594"
},
{
"db": "NVD",
"id": "CVE-2018-6190"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-908"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03057"
},
{
"db": "VULHUB",
"id": "VHN-136222"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001594"
},
{
"db": "NVD",
"id": "CVE-2018-6190"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-908"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03057"
},
{
"date": "2018-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-136222"
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001594"
},
{
"date": "2018-01-24T21:29:00.310000",
"db": "NVD",
"id": "CVE-2018-6190"
},
{
"date": "2018-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-908"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03057"
},
{
"date": "2018-02-09T00:00:00",
"db": "VULHUB",
"id": "VHN-136222"
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001594"
},
{
"date": "2018-02-09T18:10:04.573000",
"db": "NVD",
"id": "CVE-2018-6190"
},
{
"date": "2018-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-908"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-908"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netis WF2419 Device cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001594"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-908"
}
],
"trust": 0.6
}
}
VAR-201801-1289
Vulnerability from variot - Updated: 2023-12-18 12:44A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. Netis WF2419 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NetisWF2419 is a wireless router product from China Tiandan Network (NETIS)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1289",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wf2419",
"scope": "eq",
"trust": 2.4,
"vendor": "netis",
"version": "2.2.36123"
},
{
"model": "wf2419",
"scope": "eq",
"trust": 0.6,
"vendor": "netis",
"version": "v2.2.36123"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001684"
},
{
"db": "NVD",
"id": "CVE-2018-6391"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netis-systems:wf2419_firmware:2.2.36123:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netis-systems:wf2419:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6391"
}
]
},
"cve": "CVE-2018-6391",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-6391",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-04534",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-136423",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-6391",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-6391",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-04534",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-1052",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-136423",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"db": "VULHUB",
"id": "VHN-136423"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001684"
},
{
"db": "NVD",
"id": "CVE-2018-6391"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. Netis WF2419 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. NetisWF2419 is a wireless router product from China Tiandan Network (NETIS)",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6391"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001684"
},
{
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"db": "VULHUB",
"id": "VHN-136423"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-6391",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "146117",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "43919",
"trust": 2.3
},
{
"db": "0DAYTODAY",
"id": "29659",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001684",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1052",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "43919",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2018-04534",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-136423",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"db": "VULHUB",
"id": "VHN-136423"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001684"
},
{
"db": "NVD",
"id": "CVE-2018-6391"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
]
},
"id": "VAR-201801-1289",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"db": "VULHUB",
"id": "VHN-136423"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04534"
}
]
},
"last_update_date": "2023-12-18T12:44:12.964000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WF2419",
"trust": 0.8,
"url": "http://www.netis-systems.com/suppory/de_details/id/1/de/44.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001684"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136423"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001684"
},
{
"db": "NVD",
"id": "CVE-2018-6391"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://packetstormsecurity.com/files/146117/netiswf2419-xsrf.txt"
},
{
"trust": 2.3,
"url": "https://www.exploit-db.com/exploits/43919/"
},
{
"trust": 1.7,
"url": "https://0day.today/exploit/29659"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6391"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6391"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"db": "VULHUB",
"id": "VHN-136423"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001684"
},
{
"db": "NVD",
"id": "CVE-2018-6391"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"db": "VULHUB",
"id": "VHN-136423"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001684"
},
{
"db": "NVD",
"id": "CVE-2018-6391"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"date": "2018-01-29T00:00:00",
"db": "VULHUB",
"id": "VHN-136423"
},
{
"date": "2018-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001684"
},
{
"date": "2018-01-29T19:29:01.157000",
"db": "NVD",
"id": "CVE-2018-6391"
},
{
"date": "2018-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"date": "2018-02-14T00:00:00",
"db": "VULHUB",
"id": "VHN-136423"
},
{
"date": "2018-03-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001684"
},
{
"date": "2018-02-14T15:46:18.480000",
"db": "NVD",
"id": "CVE-2018-6391"
},
{
"date": "2018-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netis WF2419 Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04534"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-1052"
}
],
"trust": 0.6
}
}
VAR-201801-1421
Vulnerability from variot - Updated: 2023-12-18 12:29Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. Netis WF2419 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NetisWF2419 is a wireless router product from China Tiandan Network (NETIS). A cross-site scripting vulnerability exists in the NetisWF24192.2.36123 release that stems from a program that does not adequately filter user-submitted data. A remote attacker can use the \342\200\230Description\342\200\231 parameter of the BandwidthControlRuleSettings page to exploit the vulnerability to execute web scripts or HTML in the context of an affected website. There is a cross-site scripting vulnerability in Netis WF2419 version 2.2.36123
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1421",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wf2419",
"scope": "eq",
"trust": 2.4,
"vendor": "netis",
"version": "2.2.36123"
},
{
"model": "systems netis-wf2419",
"scope": "eq",
"trust": 0.6,
"vendor": "netis",
"version": "v2.2.36123"
},
{
"model": "wf2419",
"scope": "eq",
"trust": 0.6,
"vendor": "netis",
"version": "v2.2.36123"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001571"
},
{
"db": "NVD",
"id": "CVE-2018-5967"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netis-systems:wf2419_firmware:2.2.36123:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netis-systems:wf2419:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5967"
}
]
},
"cve": "CVE-2018-5967",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-5967",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-20980",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2018-03058",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-135999",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-5967",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5967",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20980",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-03058",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-989",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-135999",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"db": "VULHUB",
"id": "VHN-135999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001571"
},
{
"db": "NVD",
"id": "CVE-2018-5967"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. Netis WF2419 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. NetisWF2419 is a wireless router product from China Tiandan Network (NETIS). A cross-site scripting vulnerability exists in the NetisWF24192.2.36123 release that stems from a program that does not adequately filter user-submitted data. A remote attacker can use the \\342\\200\\230Description\\342\\200\\231 parameter of the BandwidthControlRuleSettings page to exploit the vulnerability to execute web scripts or HTML in the context of an affected website. There is a cross-site scripting vulnerability in Netis WF2419 version 2.2.36123",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5967"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001571"
},
{
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"db": "VULHUB",
"id": "VHN-135999"
}
],
"trust": 2.79
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "145513",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-5967",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001571",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-989",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20980",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2018-03058",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-135999",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"db": "VULHUB",
"id": "VHN-135999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001571"
},
{
"db": "NVD",
"id": "CVE-2018-5967"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
]
},
"id": "VAR-201801-1421",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"db": "VULHUB",
"id": "VHN-135999"
}
],
"trust": 2.1125
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"db": "CNVD",
"id": "CNVD-2018-03058"
}
]
},
"last_update_date": "2023-12-18T12:29:12.667000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "WF2419",
"trust": 0.8,
"url": "http://www.netis-systems.com/suppory/de_details/id/1/de/44.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001571"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001571"
},
{
"db": "NVD",
"id": "CVE-2018-5967"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://packetstormsecurity.com/files/145513/netis-wf2419-html-injection.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5967"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5967"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"db": "VULHUB",
"id": "VHN-135999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001571"
},
{
"db": "NVD",
"id": "CVE-2018-5967"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"db": "VULHUB",
"id": "VHN-135999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001571"
},
{
"db": "NVD",
"id": "CVE-2018-5967"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"date": "2018-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"date": "2018-01-25T00:00:00",
"db": "VULHUB",
"id": "VHN-135999"
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001571"
},
{
"date": "2018-01-25T08:29:00.227000",
"db": "NVD",
"id": "CVE-2018-5967"
},
{
"date": "2018-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20980"
},
{
"date": "2018-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"date": "2018-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-135999"
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001571"
},
{
"date": "2018-02-12T14:31:36.900000",
"db": "NVD",
"id": "CVE-2018-5967"
},
{
"date": "2018-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netis WF2419 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03058"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-989"
}
],
"trust": 0.6
}
}