GCVE - cpe:2.3:h:netis-systems:wf2419:-:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:h:netis-systems:wf2419:-:*:*:*:*:*:*:*

part: h version: - update: *

Vendor	Netis Systems (`672828a5-2e28-5c8f-b339-4984bcfc4393`)
Product	Wf2419 (`84efd3e3-4f7d-55a7-92b5-591aabb43bca`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-19356`	not_vulnerable	2026-06-03 14:40:04.547497	Details available Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing. Published: 2020-02-07T22:49:07.000Z Updated: 2025-10-21T23:35:51.944Z Open on db.gcve.eu Reference links https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356 https://github.com/shadowgatt/CVE-2019-19356 http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-6391`	not_vulnerable	2026-06-03 14:39:00.224774	Details available A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings. Published: 2018-01-29T19:00:00.000Z Updated: 2024-09-17T01:51:50.686Z Open on db.gcve.eu Reference links https://packetstormsecurity.com/files/146117/netiswf2419-xsrf.txt https://www.exploit-db.com/exploits/43919/ https://0day.today/exploit/29659	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-6190`	not_vulnerable	2026-06-03 14:38:59.999427	Details available Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page. Published: 2018-01-24T21:00:00.000Z Updated: 2024-08-05T05:54:53.154Z Open on db.gcve.eu Reference links https://packetstormsecurity.com/files/146032/Netis-WF2419-3.2.41381-Cross-Site-Scripting.html https://www.exploit-db.com/exploits/43981/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-5967`	not_vulnerable	2026-06-03 14:38:59.747749	Details available Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page. Published: 2018-01-25T08:00:00.000Z Updated: 2024-08-05T05:47:56.176Z Open on db.gcve.eu Reference links https://packetstormsecurity.com/files/145513/Netis-WF2419-HTML-Injection.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.