Lucene search
K

7 matches found

Vulnrichment
Vulnrichment
added 2025/05/08 10:5 a.m.5 views

CVE-2025-3759 Missing Authentication for Changing Device Configuration in WF2220

Endpoint /cgi-bin-igd/netcoreset.cgi which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but d...

8.7CVSS6.6AI score0.00226EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/08 10:5 a.m.17 views

CVE-2025-3759 Missing Authentication for Changing Device Configuration in WF2220

Endpoint /cgi-bin-igd/netcoreset.cgi which is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing. The vendor was contacted early about this disclosure but d...

8.7CVSS0.00226EPSS
Exploits0References2
CVE
CVE
added 2025/05/08 10:5 a.m.52 views

CVE-2025-3758

CVE-2025-3758 affects WF2220. The issue is an exposed endpoint /cgi-bin-igd/netcore_get.cgi that returns device configuration to unauthorized users, including cleartext passwords. This is a direct confidentiality and integrity risk (per CVSS data: HIGH confidentiality/integrity, adjacent attack v...

8.7CVSS6.3AI score0.00195EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/08 10:5 a.m.4 views

CVE-2025-3758 Exposure of Device Configuration without Authentication in WF2220

WF2220 exposes endpoint /cgi-bin-igd/netcoreget.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way...

8.7CVSS6.3AI score0.00195EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/05/08 10:5 a.m.21 views

CVE-2025-3758 Exposure of Device Configuration without Authentication in WF2220

WF2220 exposes endpoint /cgi-bin-igd/netcoreget.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way...

8.7CVSS0.00195EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/08 12:0 a.m.4 views

Netis Systems WF2220 安全漏洞

Netis Systems WF2220 is a wireless USB network card from Netis Systems. A security vulnerability exists in the Netis Systems WF2220 version 1.2.31706, which originates from the /cgi-bin-igd/netcoreget.cgi endpoint that returns the device configuration, including the password in clear text, to an...

8.7CVSS6.5AI score0.00195EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/05/08 12:0 a.m.2 views

Netis Systems WF2220 访问控制错误漏洞

The Netis Systems WF2220 is a wireless USB network card from Netis Systems. An access control error vulnerability exists in the Netis Systems WF2220 version 1.2.31706, which originates from accessing the /cgi-bin-igd/netcoreset.cgi endpoint without authentication, which could lead to administrato...

8.7CVSS6.5AI score0.00226EPSS
Exploits0References2
Rows per page
Query Builder