CVE-2025-34117
Netcore / Netis Routers RCE via UDP Port 53413 Backdoor
We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Netcore / Netis Routers RCE via UDP Port 53413 Backdoor
A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.
Reserved 2025-04-15 | Published 2025-07-16 | Updated 2025-07-16 | Assigner VulnCheckCWE-306 Missing Authentication for Critical Function
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Trend Micro TrendLabs
web.archive.org/...e/netis-routers-leave-wide-open-backdoor/
www.seebug.org/vuldb/ssvid-90227
raw.githubusercontent.com/...c/netcore_udp_53413_backdoor.rb
www.shadowserver.org/...is-router-vulnerability-scan-report/
vulners.com/...XPLOIT-LINUX-MISC-NETCORE_UDP_53413_BACKDOOR-
www.vulncheck.com/...ries/netcore-netis-routers-backdoor-rce
www.exploit-db.com/exploits/43387
Support options
