Weak Hash Vulnerability in Netis WF-2404 Router
CVE-2025-2920

1LOW

Key Information:

Vendor
Netis
Status
Wf-2404
Vendor
CVE Published:
28 March 2025

Badges

👾 Exploit Exists

Summary

A weak hash vulnerability has been identified in the Netis WF-2404 router firmware version 1.1.124EN. This issue arises from improper processing of the '/etc/passwd' file, potentially allowing unauthorized attackers to exploit weak password hashing mechanisms. While the complexity of a successful attack remains high, the potential for exploitation exists, particularly as detailed exploits have been publicly disclosed. It's crucial for users of the Netis WF-2404 to ensure their firmware is updated and to implement additional security measures to mitigate this risk. The vendor has been alerted regarding the issue, yet no response has been received to address the vulnerability.

Affected Version(s)

WF-2404 1.1.124EN

References

https://vuldb.com/?id.301895
vdb-entry
https://vuldb.com/?ctiid.301895
signaturepermissions-required
https://vuldb.com/?submit.521037
third-party-advisory

CVSS V4

Score:
1
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
None
Attack Vector:
Physical
Attack Complexity:
High
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

scoozi (VulDB User)
.