CVE-2018-6190
MEDIUMNetis WF2419 V3.2.41381 - Stored Cross-Site Scripting via MAC Filtering Description Field
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2018-6190. PoCs published by Sajibe Kanti.
AI-analyzed exploit summary This is a writeup describing an HTML injection vulnerability in Netis-WF2419 routers. The PoC involves injecting HTML code into the MAC address description field, which is then rendered in the router's web interface.
Description
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
Exploits (1)
exploitdb
WRITEUP
by Sajibe Kanti · textwebappshardware
https://www.exploit-db.com/exploits/43981
This is a writeup describing an HTML injection vulnerability in Netis-WF2419 routers. The PoC involves injecting HTML code into the MAC address description field, which is then rendered in the router's web interface.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Netis-WF2419 V3.2.41381
Auth required
Prerequisites:
Access to the router's admin interface · Valid credentials for authentication
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (2)
Core 2
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
https://packetstormsecurity.com/files/146032/Netis-WF2419-3.2.41381-Cross-Site-Scripting.html
Exploit, Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/43981/
Scores
CVSS v3
5.4
EPSS
0.0161
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
netis-systems/wf2419_firmware
3.2.41381
Published
Jan 24, 2018
Tracked Since
Feb 18, 2026