Command Injection Vulnerability in Netis WF2780
CVE-2024-25850

Currently unrated

Key Information:

Vendor: Netis
Status: Wf2780 Firmware
Vendor: CVE Published:; 22 February 2024

What is CVE-2024-25850?

The Netis WF2780 router, specifically version 2.1.40144, has been identified as having a command injection vulnerability that can be exploited through the 'wps_ap_ssid5g' parameter. This flaw allows an attacker to inject arbitrary commands into the system, potentially leading to unauthorized access and control of the device. Users are encouraged to be vigilant and update their firmware to mitigate the risks associated with this vulnerability. Network security could be compromised, emphasizing the necessity for regular software updates and security assessments.

References

https://www.netis-systems.com/

https://github.com/no1rr/Vulnerability/blob/master/netis/...

EPSS Score

10% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 22, 2024
Vulnerability Reserved
Feb 12, 2024