Cyber Resilience

CVE-2019-19356

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCRCE

Published: 07 February 2020

Published
07 February 2020
Modified
07 November 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.9096 99.7th percentile
Risk Priority 90 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2019-19356 is a high-severity OS Command Injection (CWE-78) vulnerability in Netis-Systems Wf2419 Firmware. Its CVSS base score is 7.5 (High).

Operationally, ranked in the top 0.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and AC-6 (Least Privilege).

Deeper analysis

Netis WF2419 routers running firmware versions V1.2.31805 and V2.2.36123 contain an authenticated remote code execution vulnerability in the web management interface. The flaw, tracked as CVE-2019-19356 and assigned CWE-78, stems from missing sanitization of user input passed to the tracert diagnostic tool, allowing system commands to be executed with root privileges. The issue carries a CVSS 3.1 score of 7.5 reflecting network attack vector, high attack complexity, and low privileges required.

An attacker who has obtained valid credentials for the router's administrative web page can submit crafted input through the tracert function to run arbitrary commands as root. Successful exploitation grants full control of the device, including the ability to modify configuration, intercept traffic, or pivot to other systems on the local network.

Public proof-of-concept code and technical write-ups are available that demonstrate the attack against the affected firmware versions, though no vendor advisory or patch information is referenced in the available sources.

EU & UK References

Vulnerability details

Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to…

more

execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

netis-systems
wf2419 firmware
1.2.31805, 2.2.36123

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires validation and sanitization of untrusted input to the tracert diagnostic tool, blocking the OS command injection that enables authenticated RCE.

prevent

Enforces execution of the web management interface and diagnostic functions with only the privileges required, preventing root-level command execution even after successful injection.

prevent

Restricts the router to only the necessary network functions and disables or tightly limits the tracert diagnostic feature that accepts unsanitized input.

References