CVE-2024-48455

LOW EXPLOITED NUCLEI

Netis Router Exploit Chain Reactor (CVE-2024-48455, CVE-2024-48456 and CVE-2024-48457).

Title source: metasploit

Exploitation Summary

CVE-2024-48455 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 2 public exploits from researchers including iSee857, including a Metasploit module exploits/linux/http/netis_unauth_rce_cve_2024_48456_and_48457. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains functional exploit code for CVE-2024-48455, demonstrating command execution via a session-based shell endpoint. The script includes multi-threaded scanning capabilities and validates vulnerability by checking for 'uid=' and 'gid=' in the response.

Description

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the mode_name, wl_link parameters of the skk_get.cgi component.

Exploits (2)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/Netis(CVE-2024-48455).py

View Code ZIP pw:eip

The repository contains functional exploit code for CVE-2024-48455, demonstrating command execution via a session-based shell endpoint. The script includes multi-threaded scanning capabilities and validates vulnerability by checking for 'uid=' and 'gid=' in the response.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: OpenCode (CVE-2026-22812)

No auth needed

Prerequisites: Network access to target · Target running vulnerable OpenCode instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 27, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

rubypoc

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netis_unauth_rce_cve_2024_48456_and_48457.rb

View Code ZIP pw:eip

This Metasploit module exploits an exploit chain in Netis routers, combining unauthenticated password reset (CVE-2024-48457), command injection in password change functionality (CVE-2024-48456), and information disclosure (CVE-2024-48455) to achieve remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Netis Routers (multiple models and firmware versions)

No auth needed

Prerequisites: Network access to the router's web interface

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 23, 2026 Full analysis →

Nuclei Templates (1)

Netis Wifi Router - Information Disclosure

HIGHby s4e-io

FOFA: title="Netis"

References (2)

Core 2

Core References

Various Sources

https://github.com/users/h00die-gr3y/projects/1/views/1

Various Sources

https://github.com/users/h00die-gr3y/projects/1/views/1?pane=issue&itemId=92065458&issue=h00die-gr3y%7Ch00die-gr3y%7C2

Scores

CVSS v3 2.7

EPSS 0.6870

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2025-02-04

Status published

Published Jan 06, 2025

Tracked Since Feb 18, 2026