Authentication Bypass Vulnerability in Netcore Device Configuration
CVE-2025-3759

8.7 HIGH

Key Information:

CVE Published: 8 May 2025

What is CVE-2025-3759?

The configuration endpoint at /cgi-bin-igd/netcore_set.cgi can be accessed without authentication, which lets attackers alter device settings. This can lead to severe security breaches, including the hijacking of administrator accounts and unauthorized changes to wireless access point passwords. Immediate attention is required to protect affected devices from potential exploitation.

Affected Version(s)

WF2220 1.2.31706

CVSS V4

Score: 8.7
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Kamil Szczurowski