Netis Systems WF2220 Missing Authentication Vulnerability in Configuration Management Endpoint
Vulnerability
A vulnerability exists in the Netis Systems WF2220 router, specifically in version 1.2.31706. The issue arises from the endpoint '/cgi-bin-igd/netcore_set.cgi', which is used for changing device configurations. This endpoint is accessible without authentication, allowing unauthorized users to modify settings such as the administrator account or access point password. The vulnerability is classified as 'Missing Authentication for Critical Function' (CWE-306).
Impact
Exploitation of this vulnerability could lead to unauthorized changes in device configuration, such as hijacking the administrator account or altering the access point password.
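
Because the endpoint performs no authentication check of its own, misuse has to be caught in front of the device. The following is an added example, not part of the original advisory or any vendor material: it flags requests to the endpoint that carry no credentials or come from outside an administrative subnet. The JSON record format, the admin subnet, and treating an Authorization or Cookie header as the sign of a credentialed request are all assumptions; the log lines are constructed.

```python
import ipaddress
import json

ENDPOINT = "/cgi-bin-igd/netcore_set.cgi"   # path named in the advisory
# Assumption: hosts allowed to administer the router (hypothetical subnet).
ADMIN_NET = ipaddress.ip_network("192.168.1.0/28")

# Constructed sample records, one JSON object per line, as an HTTP-aware
# sensor or reverse proxy in front of the router might emit them.
SAMPLE_LOG = """\
{"ts":"2024-01-01T10:00:00Z","src":"192.168.1.5","method":"POST","path":"/cgi-bin-igd/netcore_set.cgi","headers":{"Authorization":"Basic <redacted>"}}
{"ts":"2024-01-01T10:02:11Z","src":"192.168.1.77","method":"POST","path":"/cgi-bin-igd/netcore_set.cgi","headers":{}}
{"ts":"2024-01-01T10:03:40Z","src":"203.0.113.9","method":"POST","path":"/cgi-bin-igd/netcore_set.cgi?x=1","headers":{"authorization":"Basic <redacted>"}}
{"ts":"2024-01-01T10:04:02Z","src":"192.168.1.77","method":"GET","path":"/index.htm","headers":{}}
not-json garbage line
"""

def findings(log_text):
    """Return (ts, src, reasons) for each suspicious request to ENDPOINT."""
    out = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
            src = ipaddress.ip_address(rec["src"])
            path = rec["path"].split("?", 1)[0]   # ignore any query string
            headers = {k.lower() for k in (rec.get("headers") or {})}
            ts = rec["ts"]
        except (ValueError, KeyError, TypeError, AttributeError):
            continue  # skip malformed records instead of aborting the run
        if path != ENDPOINT:
            continue
        reasons = []
        # Assumption: a credentialed request carries one of these headers.
        if "authorization" not in headers and "cookie" not in headers:
            reasons.append("no-credentials")
        if src not in ADMIN_NET:
            reasons.append("outside-admin-net")
        if reasons:
            out.append((ts, str(src), reasons))
    return out

if __name__ == "__main__":
    for ts, src, reasons in findings(SAMPLE_LOG):
        print(ts, src, ",".join(reasons))
```
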
