CVE-2024-48455 Scanner - Information Disclosure vulnerability in Netis Wifi Router
Short Info
Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days 7 hours
Scan only one: Domain, IPv4, Subdomain
Netis Wifi Routers are popular networking devices used in homes and small businesses to provide wireless internet access. These routers are valued for their affordability, ease of use, and compatibility with various networking environments. They are commonly employed to manage local network traffic and internet connectivity.
CVE-2024-48455 is an Information Disclosure vulnerability affecting multiple Netis Wifi Router models. It allows remote attackers to access sensitive information such as configuration details, vendor data, and network statistics via the skk_get.cgi component.
The issue lies in the improper handling of HTTP POST requests to the skk_get.cgi endpoint. By sending crafted requests with parameters like mode_name and wl_link, attackers can retrieve sensitive data from the router's response. The affected parameters are not adequately protected, leading to unauthorized data exposure.
Exploitation of this vulnerability can result in exposure of sensitive router configuration details, which may include version numbers, network statistics, and vendor-specific data. This information can aid attackers in further compromising the network or exploiting other vulnerabilities.
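Requests of the kind described above can be spotted in HTTP sensor data. The following is an added example, not part of the original page or of the scanner itself: it flags POST requests to skk_get.cgi that carry mode_name or wl_link and rates them by source address. The JSON-lines record schema, the addresses, the other paths and the placeholder values are constructed assumptions.

```python
import ipaddress
import json
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "skk_get.cgi"                    # component named in the text above
WATCHED_PARAMS = {"mode_name", "wl_link"}   # parameters named in the text above
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sensor records (hypothetical JSON-lines schema, placeholder values).
SAMPLE_LOG = """\
{"ts": "2024-11-02T10:14:03Z", "src": "203.0.113.50", "method": "POST", "uri": "/skk_get.cgi", "body": "mode_name=PLACEHOLDER&wl_link=PLACEHOLDER"}
{"ts": "2024-11-02T10:15:40Z", "src": "192.168.1.23", "method": "POST", "uri": "/skk_get.cgi", "body": "mode_name=PLACEHOLDER"}
{"ts": "2024-11-02T10:16:02Z", "src": "192.168.1.23", "method": "GET", "uri": "/index.htm", "body": ""}
{"ts": "2024-11-02T10:17:11Z", "src": "203.0.113.50", "method": "POST", "uri": "/login.cgi", "body": "user=PLACEHOLDER"}
this line is truncated {"ts":
"""


def find_skk_get_requests(log_text):
    """Return one finding per POST to skk_get.cgi that carries a watched parameter."""
    findings = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["src"])
        except (ValueError, KeyError, TypeError):
            continue  # malformed or incomplete sensor line
        if str(rec.get("method", "")).upper() != "POST":
            continue
        # Match on the last path segment so any directory prefix is covered.
        path = urlsplit(str(rec.get("uri", ""))).path
        if path.rsplit("/", 1)[-1].lower() != ENDPOINT:
            continue
        params = parse_qs(str(rec.get("body", "")), keep_blank_values=True)
        hits = sorted(WATCHED_PARAMS.intersection(params))
        if not hits:
            continue
        # A source outside private address space means the management
        # interface is reachable from the WAN side, which is the urgent case.
        external = not any(src in net for net in RFC1918)
        findings.append({"ts": rec.get("ts"), "src": str(src), "params": hits,
                         "severity": "high" if external else "review"})
    return findings


if __name__ == "__main__":
    for finding in find_skk_get_requests(SAMPLE_LOG):
        print(finding)
```

A "high" finding indicates the router's web interface is answering hosts outside the local network; restricting remote management and applying vendor firmware updates are the corresponding mitigations.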