Primary

Context

Netis WF-2404 Cleartext Storage Vulnerability in BusyBox Shell

Vulnerability

A vulnerability exists in the Netis WF-2404 router running firmware version 1.1.124EN. This vulnerability involves an undisclosed feature of the BusyBox Shell component, leading to the cleartext storage of sensitive information. The issue can be exploited locally on the device, and while the attack's complexity is considered high, a public exploit is available. The vulnerability was disclosed to the vendor, but no response was received.

Impact

Exploitation of this vulnerability allows for the cleartext storage of sensitive information, such as passwords, which could be accessed by unauthorized parties.

Reproduction

The vulnerability can be reproduced by gaining physical access to the router and connecting UART probes. Once connected, the 'flash set' command can be used to change default user credentials, which are then stored in cleartext. After rebooting the device, the new credentials remain active, demonstrating the vulnerability's impact.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netis WF-2404 Cleartext Storage Vulnerability in BusyBox Shell

Vulnerability

Impact

Reproduction

Affected Products

BusyBox Shell

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating