CVE-2019-19356

HIGH KEV LAB

Netis WF2419 Firmware V1.2.31805 and V2.2.36123 - Authenticated Remote Code Execution via Tracert Diagnostic Tool

Title source: llm

Exploitation Summary

CVE-2019-19356 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 2 public exploits from researchers including shadowgatt, qq1515406085.

AI-analyzed exploit summary The repository contains a functional Python exploit for CVE-2019-19356, targeting Netis WF2419 routers. The exploit leverages command injection via the 'tracert' diagnostic tool to achieve authenticated remote code execution (RCE) as root.

Description

Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.

Exploits (2)

nomisec WORKING POC 5 stars

by shadowgatt · remote-auth

https://github.com/shadowgatt/CVE-2019-19356

View Code ZIP pw:eip

The repository contains a functional Python exploit for CVE-2019-19356, targeting Netis WF2419 routers. The exploit leverages command injection via the 'tracert' diagnostic tool to achieve authenticated remote code execution (RCE) as root.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Netis WF2419 V2.2.36123

Auth required

Prerequisites: Access to the router's web management page · Valid credentials (default or obtained via other means)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →

nomisec STUB

by qq1515406085 · poc

https://github.com/qq1515406085/CVE-2019-19356

View Code ZIP pw:eip

The repository contains only a Docker Compose file and a minimal README with no exploit code or technical details. It sets up a Discuz ML environment but does not demonstrate or explain the vulnerability.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: Discuz ML (version unspecified)

No auth needed

Prerequisites: Docker environment

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356

Exploit, Third Party Advisory x_refsource_misc

https://github.com/shadowgatt/CVE-2019-19356

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19356

Scores

CVSS v3 7.5

EPSS 0.2796

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Lab Environment

COMMUNITY

Community Lab

docker pull boyhack/discuz_ml

https://github.com/shadowgatt/CVE-2019-19356

https://github.com/qq1515406085/CVE-2019-19356

View in Library

Details

CISA KEV 2021-11-03

VulnCheck KEV 2020-10-14

InTheWild.io 2021-07-23

ENISA EUVD EUVD-2019-8977

CWE

CWE-78

Status published

Products (2)

netis-systems/wf2419_firmware 1.2.31805

netis-systems/wf2419_firmware 2.2.36123

Published Feb 07, 2020

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026