CVE-2020-37093

HIGH

Netis E1+ 1.2.32533 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-37093. PoCs published by Besim.

AI-analyzed exploit summary This exploit demonstrates an unauthenticated information disclosure vulnerability in Netis E1+ routers. By sending a crafted HTTP GET request to `netcore_get.cgi`, the router leaks sensitive information, including WiFi passwords, in the response.

Description

Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in plain text.

Exploits (1)

exploitdb WORKING POC
by Besim · textwebappshardware
https://www.exploit-db.com/exploits/48384

This exploit demonstrates an unauthenticated information disclosure vulnerability in Netis E1+ routers. By sending a crafted HTTP GET request to `netcore_get.cgi`, the router leaks sensitive information, including WiFi passwords, in the response.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Netis E1+ V1.2.32533
No auth needed
Prerequisites: Network access to the vulnerable router
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit
https://www.exploit-db.com/exploits/48384
Various Sources product
http://www.netis-systems.com

Scores

CVSS v3 7.5
EPSS 0.0030
EPSS Percentile 21.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE
CWE-201
Status published
Products (1)
Netis Systems Co., Ltd./Netis E1+ 1.2.32553
Published Feb 03, 2026
Tracked Since Feb 18, 2026