Advisory

Multiple flaws reported in Netis routers that can be chained to achieve auth bypass, RCE

Take action: If you are running Netis routers, you are probably vulnerable. There is no patch available, but there is an exploit ready. Read the article and the deep technical analysis. Then make sure your Netis routers are not visible on the internet, or, if they are, that the admin interface ports are disabled or blocked. Then consider replacing them altogether, because they will be hacked.


Learn More

Three significant vulnerabilities have been disclosed affecting multiple Netis router models. These vulnerabilities can be chained together to achieve remote code execution on affected devices.

  • CVE-2024-48457 (CVSS score 7.5) - Authentication Bypass - Enables unauthenticated attackers to remotely set admin passwords. Exploits a flaw in the initial setup POST request system, but can be repeated at any time after initial setup.
  • CVE-2024-48456 (CVSS score 8.1) - Remote Code Execution - Requires administrator access, but exploits the admin password reset feature. It allows execution of code from attacker-controlled servers. Can be chained with CVE-2024-48457 to achieve full system compromise.
  • CVE-2024-48455 (CVSS score 2.7) - Information Disclosure - Allows unauthenticated remote attackers to retrieve sensitive device information. Exploitable via a simple POST request and could be used to inform further attacks.

Affected Models:

  • NX10
  • NC65
  • NC63
  • NC21
  • MW5360

The vulnerabilities were discovered by security researcher h00die-gr3y. No patches are currently available as Netis has not responded to the vulnerability report or subsequent inquiries from media outlets.

There is even a Metasploit exploit available to chain these flaws.

Netis devices have a history of security issues, including involvement in a Mirai botnet-based DDoS campaign in October 2023 (alongside D-Link and Zyxel devices) and a significant backdoor vulnerability in 2014 affecting devices with externally accessible IP addresses.
