CVE-2024-48457
Published: 06 January 2025
Summary
CVE-2024-48457 is a high-severity Out-of-bounds Read (CWE-125) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 1.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-7 (Boundary Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the out-of-bounds read vulnerability in affected Netis router firmware versions, preventing remote attackers from disclosing sensitive information.
Enforces boundary protections like firewall rules or network segmentation to block unauthenticated remote access to vulnerable endpoints /cgi-bin/skk_set.cgi and /bin/scripts/start_wifi.sh.
Validates inputs to the affected CGI endpoints and scripts to prevent crafted requests from triggering the out-of-bounds read and subsequent information disclosure.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct remote exploitation of public router web/CGI endpoints (T1190) resulting in unauthorized disclosure of device-stored sensitive data/credentials (T1005).
NVD Description
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router…
more
MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the endpoint /cgi-bin/skk_set.cgi and binary /bin/scripts/start_wifi.sh
Deeper analysisAI
CVE-2024-48457 is an out-of-bounds read vulnerability (CWE-125) present in multiple Netis router models running specific firmware versions. Affected devices include the Netis Wifi6 Router NX10 (2.0.1.3643 and 2.0.1.3582), Netis Wifi 11AC Router NC65 (3.0.0.3749), Netis Wifi 11AC Router NC63 (3.0.0.3327 and 3.0.0.3503), Netis Wifi 11AC Router NC21 (3.0.0.3800, 3.0.0.3500, and 3.0.0.3329), and Netis Wifi Router MW5360 (1.0.1.3442 and 1.0.1.3031). The flaw is exploitable through the endpoints /cgi-bin/skk_set.cgi and /bin/scripts/start_wifi.sh, earning a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) due to high confidentiality impact.
A remote, unauthenticated attacker can exploit this vulnerability over the network with low attack complexity and no user interaction required. Exploitation enables the attacker to disclose sensitive information stored on the device, potentially exposing configuration data, credentials, or other proprietary details that could facilitate further attacks on the network.
Additional details, including potential mitigations or patches, may be found in the referenced advisory at https://github.com/users/h00die-gr3y/projects/1/views/1. Security practitioners should verify firmware updates from Netis and apply network segmentation or firewall rules to restrict access to the affected CGI endpoints.
Details
- CWE(s)