CyberSec.Space Logo
Back to CVE Browser

CVE-2019-19356

Known Exploited (CISA KEV)HIGH
7.5
CVSS Severity Score
EPSS Score51.1000%
EPSS Percentile93.27th
PublishedFeb 7, 2020
Last ModifiedNov 7, 2025

Vulnerability Description

Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands as root through the tracert diagnostic tool because of lack of user input sanitizing.

Affected Platforms (CPE)

πŸ’»
Netis Systems

Wf2419 Firmware

= 1.2.31805
πŸ’»
Netis Systems

Wf2419 Firmware

= 2.2.36123

References & Advisories

πŸ”— http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html
πŸ”— https://github.com/shadowgatt/CVE-2019-19356
πŸ”— https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356
πŸ”— http://packetstormsecurity.com/files/156588/Netis-WF2419-2.2.36123-Remote-Code-Execution.html
πŸ”— https://github.com/shadowgatt/CVE-2019-19356
πŸ”— https://www.digital.security/en/blog/netis-routers-remote-code-execution-cve-2019-19356
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-19356

Related Vulnerabilities

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...

CVE-2026-121895.3

A flaw has been found in Moovit Bus & Public Transit App 1.18 on Android. This affects an unknown part of the component com.tranzm...

CVE-2026-121886.3

A vulnerability was detected in Grit42 Grit up to 0.11.0. Affected by this issue is some unknown functionality of the file modules...