CVE-2025-34117 | THREATINT

Description

A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.

PUBLISHED Reserved 2025-04-15 | Published 2025-07-16 | Updated 2026-04-07 | Assigner VulnCheck

CRITICAL: 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-912 Hidden Functionality

CWE-306 Missing Authentication for Critical Function

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Product status

Default status

affected

Prior to August 2014

affected

Default status

affected

Prior to August 2014

affected

Credits

Trend Micro TrendLabs finder

References

web.archive.org/...e/netis-routers-leave-wide-open-backdoor/ third-party-advisory technical-description

www.seebug.org/vuldb/ssvid-90227 third-party-advisory technical-description

raw.githubusercontent.com/...c/netcore_udp_53413_backdoor.rb exploit

www.shadowserver.org/...is-router-vulnerability-scan-report/ third-party-advisory

vulners.com/...XPLOIT-LINUX-MISC-NETCORE_UDP_53413_BACKDOOR- third-party-advisory exploit

www.vulncheck.com/...ries/netcore-netis-routers-backdoor-rce third-party-advisory

www.exploit-db.com/exploits/43387 exploit

cve.org (CVE-2025-34117)

nvd.nist.gov (CVE-2025-34117)

Download JSON

help @ threatint.eu