QwikSec

Security Database

CVE

CWE

Training

CVE-2025-34117

Published: Jul 16, 2025

Modified: Apr 7, 2026

PUBLISHED

Description

A remote code execution vulnerability exists in multiple Netcore and Netis routers models with firmware released prior to August 2014 due to the presence of an undocumented backdoor listener on UDP port 53413. Exact version boundaries remain undocumented. An unauthenticated remote attacker can send specially crafted UDP packets to execute arbitrary commands on the affected device. This backdoor uses a hardcoded authentication mechanism and accepts shell commands post-authentication. Some device models include a non-standard implementation of the `echo` command, which may affect exploitability.

Vendor	Product	Versions
Netcore Technology	Router firmware	affected `Prior to August 2014`
Netis	Router firmware	affected `Prior to August 2014`

Weaknesses (CWE)

References

https://web.archive.org/web/20140828114943/http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/

third-party-advisory

technical-description

https://www.seebug.org/vuldb/ssvid-90227

third-party-advisory

technical-description

https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/misc/netcore_udp_53413_backdoor.rb

exploit

https://www.shadowserver.org/what-we-do/network-reporting/netcore-netis-router-vulnerability-scan-report/

third-party-advisory

https://vulners.com/metasploit/MSF:EXPLOIT-LINUX-MISC-NETCORE_UDP_53413_BACKDOOR-

third-party-advisory

exploit

https://www.vulncheck.com/advisories/netcore-netis-routers-backdoor-rce

third-party-advisory

https://www.exploit-db.com/exploits/43387

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.