Volerion logoVolerion
Volerion logoVolerion

Netis WF2880 Buffer Overflow Vulnerability in cgitest.cgi Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the Netis WF2880 router, specifically in the v2.1.40207 firmware. The issue occurs in the UndefinedFunction_00465620 within the cgitest.cgi file. Attackers can exploit this vulnerability by manipulating the 'specify_parame' value in the payload, leading to a program crash and potential Denial-of-Service (DoS) condition.

Impact

Exploitation of this vulnerability causes a program crash, leading to a Denial-of-Service condition.

Reproduction

The vulnerability can be reproduced by uploading a crafted payload that includes a large value for 'specify_parame' while keeping 'other_params' set to 1. This payload can be sent through the web interface or via a script that interacts with the router's CGI processing.

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
2.5
exploitability
9.1
remediation
7.7
relevance
0.3
threat
6.4
urgency
2.9
incentive
9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.