CVE-2018-6391

HIGH

Netis-systems Wf2419 Firmware - CSRF

Title source: rule

Description

A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.

Exploits (1)

exploitdb WORKING POC

by Sajibe Kanti · htmlwebappshardware

https://www.exploit-db.com/exploits/43919

View Code ZIP pw:eip

References (3)

[Exploit, Third Party Advisory] https://0day.today/exploit/29659

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/146117/netiswf2419-xsrf.txt

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43919/

Scores

CVSS v3 8.8

EPSS 0.0050

EPSS Percentile 66.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-352

Status published

Products (1)

netis-systems/wf2419_firmware 2.2.36123

Published Jan 29, 2018

Tracked Since Feb 18, 2026