History: Feb 21, 2019 - 7:29 p.m.

CVE-2019-8985

2019-02-21 19:29:00
CWE-306
CWE-787
mitre
web.nvd.nist.gov
32
netis
wf2411
wf2xxx
firmware
buffer overflow
denial of service
remote code execution
http
security vulnerability

CVSS2: 9

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: COMPLETE

AV:N/AC:L/Au:N/C:P/I:P/A:C

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8
Confidence: High

EPSS: 0.01
Percentile: 83.5%

On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability can be triggered by a GET request with a long HTTP “Authorization: Basic” header that is mishandled by user_auth->user_ok in /bin/boa.

Affected configurations

Nvd

Node
netis-systems wf2411_firmware Match 2.1.36123
AND
netis-systems wf2411 Match -

Node
netis-systems wf2880_firmware Match 2.1.36123
AND
netis-systems wf2880 Match -

Vendor | Product | Version | CPE
netis-systems | wf2411_firmware | 2.1.36123 | cpe:2.3:o:netis-systems:wf2411_firmware:2.1.36123:*:*:*:*:*:*:*
netis-systems | wf2411 | - | cpe:2.3:h:netis-systems:wf2411:-:*:*:*:*:*:*:*
netis-systems | wf2880_firmware | 2.1.36123 | cpe:2.3:o:netis-systems:wf2880_firmware:2.1.36123:*:*:*:*:*:*:*
netis-systems | wf2880 | - | cpe:2.3:h:netis-systems:wf2880:-:*:*:*:*:*:*:*
