Volerion logoVolerion
Volerion logoVolerion

Netis WF2880 Buffer Overflow Vulnerability in cgitest.cgi Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the Netis WF2880 router, specifically in the v2.1.40207 firmware. The issue arises in the FUN_00470c50 function of the cgitest.cgi file. Attackers can exploit this vulnerability by manipulating the wl_mac_filter_set value in the payload, potentially causing the device to crash and leading to a Denial-of-Service (DoS) condition.

Impact

Exploitation of this vulnerability causes a crash of the affected program, leading to a Denial-of-Service condition.

Reproduction

The vulnerability can be reproduced by sending a payload that includes a large value for the wl_mac_filter_set parameter, along with any other required parameters. This can be done using a tool that allows for the manipulation of CGI input, such as a custom script or a web application testing tool.

Added: Aug 13, 2025, 9:20 PM
Updated: Aug 13, 2025, 9:20 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
2.5
exploitability
9.1
remediation
7.7
relevance
0.4
threat
6.4
urgency
2.9
incentive
9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.