6 matches found
CVE-2025-3758
WF2220 exposes endpoint /cgi-bin-igd/netcoreget.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2025-3758
creationtimestamp| type| source ---|---|--- 2025-05-08 12:31:50+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lonw6biat42p 2025-05-08 13:26:00+00:00| seen| https://t.me/cvedetector/24812 2025-05-08 14:05:34+00:00| seen|...
CVE-2025-3758
WF2220 exposes endpoint /cgi-bin-igd/netcoreget.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2025-3758 Exposure of Device Configuration without Authentication in WF2220
WF2220 exposes endpoint /cgi-bin-igd/netcoreget.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2025-3758
CVE-2025-3758 affects WF2220. The issue is an exposed endpoint /cgi-bin-igd/netcore_get.cgi that returns device configuration to unauthorized users, including cleartext passwords. This is a direct confidentiality and integrity risk (per CVSS data: HIGH confidentiality/integrity, adjacent attack v...
CVE-2025-3758 Exposure of Device Configuration without Authentication in WF2220
WF2220 exposes endpoint /cgi-bin-igd/netcoreget.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way...