Cross-Site Scripting Vulnerability in Netis WF2419 Wireless Settings
CVE-2025-9119

4.8MEDIUM

Key Information:

Vendor

Netis

Status
Wf2419
Vendor
CVE Published:
18 August 2025

What is CVE-2025-9119?

A Cross-Site Scripting vulnerability has been identified in the Netis WF2419 wireless router, specifically within the Wireless Settings Page located at /index.htm. This vulnerability arises due to improper handling of the SSID parameter, allowing an attacker to inject malicious scripts. An example of the exploit involves using the input <img/src/onerror=prompt(8)> to execute arbitrary JavaScript in the context of an unsuspecting user's browser. Consequently, this could lead to remote exploitation, as an attacker can potentially execute harmful scripts without user consent. This issue was publicly disclosed, yet the vendor did not respond to initial notifications.

Affected Version(s)

WF2419 1.2.29433

References

https://vuldb.com/?id.320456
vdb-entrytechnical-description
https://vuldb.com/?ctiid.320456
signaturepermissions-required
https://vuldb.com/?submit.628410
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Fergod (VulDB User)
.