7 matches found
CVE-2025-3759 Missing Authentication for Changing Device Configuration in WF2220
Endpoint /cgi-bin-igd/netcoreset.cgi which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but d...
CVE-2025-3759 Missing Authentication for Changing Device Configuration in WF2220
Endpoint /cgi-bin-igd/netcoreset.cgi which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but d...
CVE-2025-3758
CVE-2025-3758 affects WF2220. The issue is an exposed endpoint /cgi-bin-igd/netcore_get.cgi that returns device configuration to unauthorized users, including cleartext passwords. This is a direct confidentiality and integrity risk (per CVSS data: HIGH confidentiality/integrity, adjacent attack v...
CVE-2025-3758 Exposure of Device Configuration without Authentication in WF2220
WF2220 exposes endpoint /cgi-bin-igd/netcoreget.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2025-3758 Exposure of Device Configuration without Authentication in WF2220
WF2220 exposes endpoint /cgi-bin-igd/netcoreget.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way...
Netis Systems WF2220 安全漏洞
Netis Systems WF2220 is a wireless USB network card from Netis Systems. A security vulnerability exists in the Netis Systems WF2220 version 1.2.31706, which originates from the /cgi-bin-igd/netcoreget.cgi endpoint that returns the device configuration, including the password in clear text, to an...
Netis Systems WF2220 访问控制错误漏洞
The Netis Systems WF2220 is a wireless USB network card from Netis Systems. An access control error vulnerability exists in the Netis Systems WF2220 version 1.2.31706, which originates from accessing the /cgi-bin-igd/netcoreset.cgi endpoint without authentication, which could lead to administrato...