Primary

Context

Netis WF2880 Buffer Overflow Vulnerability in cgitest.cgi Allowing Denial-of-Service

Vulnerability

Patched

A buffer overflow vulnerability has been identified in the Netis WF2880 router, specifically in the v2.1.40207 firmware. The issue occurs in the FUN_00473154 function of the cgitest.cgi file. Attackers can exploit this vulnerability by manipulating the wl_sec_set_5g and wl_sec_rp_set_5g values in the payload. This exploitation can lead to a program crash and potentially cause a Denial-of-Service (DoS) condition.

Impact

Exploitation of this vulnerability can cause a crash of the affected program, leading to a Denial-of-Service condition.

Reproduction

The vulnerability can be reproduced by uploading a crafted payload that includes oversized values for the wl_sec_set_5g and wl_sec_rp_set_5g parameters, while also including a value for other_params. This payload can be sent through a CGI request to the router.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netis WF2880 Buffer Overflow Vulnerability in cgitest.cgi Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

Netis WF2880

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating