📄 Description (English)
Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in plain text.
🤖 AI Executive Summary
CVE-2020-37093 is a critical information disclosure vulnerability in Netis E1+ routers (version 1.2.32533) that allows unauthenticated attackers to extract WiFi credentials in plaintext via the netcore_get.cgi endpoint. This vulnerability poses significant risk to Saudi organizations as compromised WiFi credentials can serve as entry points for lateral network movement and data exfiltration. The lack of authentication requirement makes this vulnerability trivially exploitable and particularly dangerous in enterprise environments.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 30, 2026 06:01
🇸🇦 Saudi Arabia Impact Assessment
This vulnerability poses severe risk to Saudi banking sector (SAMA-regulated institutions), government agencies (NCA oversight), healthcare facilities, and energy sector organizations (ARAMCO, downstream operators). Telecom providers (STC, Mobily, Zain) using Netis equipment for network infrastructure are particularly vulnerable. Compromised WiFi credentials enable attackers to establish persistent network access, conduct man-in-the-middle attacks, and exfiltrate sensitive data including financial records, government communications, and critical infrastructure information. Small and medium enterprises across all sectors using Netis routers face elevated risk of network compromise.
🏢 Affected Saudi Sectors
Banking and Financial Services
Government and Public Administration
Healthcare and Medical Facilities
Energy and Utilities
Telecommunications
Small and Medium Enterprises
Education
Retail and E-commerce
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
8.2
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Netis E1+ devices (v1.2.32533) in your network infrastructure using network scanning tools
2. Isolate affected devices from production networks if patch cannot be immediately applied
3. Force password changes for all WiFi networks and connected systems
4. Review network access logs for unauthorized access attempts to netcore_get.cgi endpoint
PATCHING:
1. Upgrade Netis E1+ firmware to version 1.2.32534 or later immediately
2. Verify patch deployment across all affected devices
3. Test network connectivity and WiFi functionality post-patch
COMPENSATING CONTROLS (if patching delayed):
1. Implement network segmentation to isolate WiFi management traffic
2. Deploy WAF/IPS rules to block requests to netcore_get.cgi endpoint
3. Restrict administrative access to router management interfaces to authorized IPs only
4. Enable router access logs and monitor for suspicious GET requests
5. Implement network-based detection for plaintext credential transmission
DETECTION RULES:
1. Monitor for HTTP GET requests to */netcore_get.cgi with parameters containing 'password' or 'ssid'
2. Alert on unauthenticated access attempts to router management interfaces
3. Detect plaintext WiFi credentials in network traffic using DLP tools
4. Flag any successful responses from netcore_get.cgi endpoint containing credential data
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع أجهزة Netis E1+ (الإصدار 1.2.32533) في البنية التحتية للشبكة باستخدام أدوات المسح
2. عزل الأجهزة المتأثرة عن شبكات الإنتاج إذا لم يكن من الممكن تطبيق التصحيح فوراً
3. فرض تغيير كلمات المرور لجميع شبكات WiFi والأنظمة المتصلة
4. مراجعة سجلات الوصول للشبكة للتحقق من محاولات الوصول غير المصرح بها إلى نقطة نهاية netcore_get.cgi
التصحيح:
1. ترقية البرنامج الثابت Netis E1+ إلى الإصدار 1.2.32534 أو أحدث فوراً
2. التحقق من نشر التصحيح عبر جميع الأجهزة المتأثرة
3. اختبار اتصال الشبكة وعمل WiFi بعد التصحيح
الضوابط البديلة (إذا تأخر التصحيح):
1. تنفيذ تقسيم الشبكة لعزل حركة إدارة WiFi
2. نشر قواعد WAF/IPS لحظر الطلبات إلى نقطة نهاية netcore_get.cgi
3. تقييد الوصول الإداري إلى واجهات إدارة الموجه للعناوين المصرح بها فقط
4. تفعيل سجلات وصول الموجه ومراقبة الطلبات المريبة
5. تنفيذ الكشف القائم على الشبكة لنقل بيانات الاعتماد بصيغة نصية عادية
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
ECC 2024 A.5.1.1 - Access Control Policies
ECC 2024 A.6.1.2 - User Registration and De-registration
ECC 2024 A.8.2.1 - Classification of Information
ECC 2024 A.8.2.3 - Handling of Assets
ECC 2024 A.10.1.1 - Cryptography Policy
ECC 2024 A.12.4.1 - Event Logging
ECC 2024 A.13.1.1 - Network Security Perimeter
🔵 SAMA CSF
SAMA CSF ID.AM-2 - Hardware and Software Assets
SAMA CSF PR.AC-1 - Access Control
SAMA CSF PR.DS-1 - Data Security
SAMA CSF DE.CM-1 - Network Monitoring
SAMA CSF RS.MI-2 - Incident Response
🟡 ISO 27001:2022
ISO 27001:2022 A.5.1 - Policies for Information Security
ISO 27001:2022 A.6.1 - Screening
ISO 27001:2022 A.8.1 - Asset Management
ISO 27001:2022 A.8.2 - Information Classification
ISO 27001:2022 A.8.3 - Media Handling
ISO 27001:2022 A.10.1 - Cryptography
ISO 27001:2022 A.12.4 - Logging
🟣 PCI DSS v4.0.1
PCI DSS 1.1 - Firewall Configuration Standards
PCI DSS 2.1 - Default Passwords
PCI DSS 2.2.4 - Router Configuration
PCI DSS 6.2 - Security Patches
PCI DSS 10.2 - User Access Logging