CVE-2024-33792

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-33792
netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792 Exploit Third Party Advisory
https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netis-systems:mex605_firmware:2.00.06:*:*:*:*:*:*:*
cpe:2.3:h:netis-systems:mex605:-:*:*:*:*:*:*:*
History

17 Jun 2025, 15:10

Type Values Removed Values Added
References () https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792 - () https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792 - Exploit, Third Party Advisory
CPE cpe:2.3:o:netis-systems:mex605_firmware:2.00.06:*:*:*:*:*:*:*
cpe:2.3:h:netis-systems:mex605:-:*:*:*:*:*:*:*
CWE CWE-78
First Time Netis-systems mex605
Netis-systems
Netis-systems mex605 Firmware

21 Nov 2024, 09:17

Type Values Removed Values Added
References () https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792 - () https://github.com/ymkyu/CVE/tree/main/CVE-2024-33792 -

03 Jul 2024, 01:58

Type Values Removed Values Added
CWE CWE-20
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

07 May 2024, 05:15

Type Values Removed Values Added
Summary
  • (es) Una vulnerabilidad de cross-site scripting (XSS) en netis-systems MEX605 v2.00.06 permite a los atacantes ejecutar scripts web o HTML arbitrarios a través de un payload manipulado inyectado en la página tracert.
Summary (en) A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tracert page. (en) netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page.

03 May 2024, 17:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-03 17:15

Updated : 2025-06-17 15:10

NVD link : CVE-2024-33792

Mitre link : CVE-2024-33792

CVE.ORG link : CVE-2024-33792

JSON object : View

Products Affected

netis-systems

  • mex605_firmware
  • mex605
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CWE-20

Improper Input Validation