Back to KEVs

CVE-2024-48455

An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327...

Basic Information

CVE State
PUBLISHED
Reserved Date
October 08, 2024
Published Date
January 06, 2025
Last Updated
January 07, 2025
Vendor
Netis
Product
Wifi6 Router
Description
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the mode_name, wl_link parameters of the skk_get.cgi component.
Tags
nuclei_scanner edge metasploit

CVSS Scores

CVSS v3.1

2.7 - LOW

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

EPSS Score

Score
63.50% (Percentile: 98.27%) as of 2025-05-28

SSVC Information

Exploitation
poc
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (added 2025-05-15 00:00:00 UTC) Source

References

https://github.com/users/h00die-gr3y/projects/1/views/1

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-05-15 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/netis_unauth_rce_cve_2024_48456_and_48457.rb 2025-04-29 11:01:14 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-48455.yaml 2025-04-26 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Detected by Nuclei

  • Detected by Metasploit

  • Added to KEVIntel