Unauthenticated Command Injection in Netis Router
This week's Metasploit release includes an exploit module for an unauthenticated command injection vulnerability in the Netis MW5360 router which is being tracked as CVE-2024-22729. The vulnerability stems from improper handling of the password parameter within the router's web interface which allows for command injection. Fortunately for attackers, the router's login page authorization can be bypassed by simply deleting the authorization header, leading to the vulnerability. All router firmware versions up to V1.0.1.3442 are vulnerable.
New module content (2)
MS-NRPC Domain Users Enumeration
Author: Haidar Kabibo https://x.com/haider_kabibo
Type: Auxiliary
Pull request: #19205 contributed by sud0Ru
Path: scanner/dcerpc/nrpc_enumusers
Description: This adds a new module that can enumerate accounts on a target Active Directory Domain Controller without authenticating to it; instead the module does so by issuing a DCERPC request and analyzing the returned error status.
Netis router MW5360 unauthenticated RCE.
Authors: Adhikara13 and h00die-gr3y [email protected]
Type: Exploit
Pull request: #19188 contributed by h00die-gr3y
Path: linux/http/netis_unauth_rce_cve_2024_22729
AttackerKB reference: CVE-2024-22729
Description: This adds an exploit module that leverages CVE-2024-22729, a command injection vulnerability in Netis router MW5360 to achieve remote code execution as the user root. All router firmware versions up to V1.0.1.3442 ..
Support the originator by clicking the read the rest link below.
