CVE-2019-19356
CVE-2019-19356
Vexday Risk Score
76High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7.5EPSS 28.0%KEV simPoC públicaNuclei —Metasploit —Patch —
Lifecycle
12 Dec 2019Public PoC
07 Feb 2020Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A Netis WF2419 router allows attackers with access to the web management page to run dangerous system commands as the administrator (root) through the tracert tool. This happens because the router doesn't properly check what users type, letting attackers execute any command they want.
Technical detail
CVE-2019-19356 is an authenticated command injection vulnerability in Netis WF2419 routers (firmware V1.2.31805 and V2.2.36123) affecting the tracert diagnostic functionality in the web management interface. The vulnerability stems from insufficient input sanitization, allowing an authenticated attacker to inject arbitrary system commands executed with root privileges. Impact includes complete compromise of router integrity and potential lateral movement to connected networks.
Summary generated and translated by AI from the official description.
Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.