Cross-Site Scripting Vulnerability in Netis WF2780 Wireless Router
CVE-2025-1617
4.8MEDIUM
Key Information:
- Vendor
- Netis
- Status
- Wf2780
- Vendor
- CVE Published:
- 24 February 2025
Summary
A cross-site scripting vulnerability exists in the Netis WF2780 wireless router, specifically within the Wireless 2.4G Menu component. This issue allows attackers to exploit the SSID parameter, enabling potential remote exploitation. Attackers can insert malicious scripts that execute in the context of the user’s browser, potentially leading to data theft or unauthorized actions. The vendor has been informed about the vulnerability but has not provided any response or mitigation strategies.
Affected Version(s)
WF2780 2.1.41925
References
CVSS V4
Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Havook (VulDB User)