CVE-2025-2921

Medium CVSS: 5.4

A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of default password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Netis-systems

Product

Netis Wf-2404 Firmware

CWE

CWE-1393

Yayın Tarihi

2025-03-28 18:15:17

Güncelleme

2025-04-17 14:21:41

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-1393 Netis Wf-2404 Firmware MEDIUM Netis-systems 2025

Referanslar

https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont https://vuldb.com/?ctiid.301896 https://vuldb.com/?id.301896 https://vuldb.com/?submit.521038 https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont

Benzer Kayıtlar

High

CVE-2025-50615

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgite…

High

CVE-2025-50616

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgite…

High

CVE-2025-50617

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgite…

High

CVE-2025-50614

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the c…

High

CVE-2025-50612

A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the c…

High

CVE-2025-50613

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgite…