Volerion logoVolerion
Volerion logoVolerion

Netis WF2880 Buffer Overflow Vulnerability in cgitest.cgi Allowing Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the Netis WF2880 router, specifically in the v2.1.40207 firmware. The issue arises in the FUN_0046f984 function of the cgitest.cgi file. Attackers can exploit this vulnerability by manipulating the wl_advanced_set parameter in the payload, leading to a program crash and causing a Denial-of-Service (DoS) condition.

Impact

Exploitation of this vulnerability causes a program crash, leading to a Denial-of-Service condition on the affected device.

Reproduction

The vulnerability can be reproduced by uploading a crafted payload that includes a large value for the wl_advanced_set parameter, while also including other necessary parameters to complete the request. This can be done using a tool that allows for the manipulation of HTTP request payloads, such as Burp Suite or a custom script.

Added: Aug 13, 2025, 9:18 PM
Updated: Aug 13, 2025, 9:18 PM

Vulnerability Rating

Custom Algorithm
spread
2.6
impact
2.5
exploitability
9.1
remediation
7.7
relevance
0.3
threat
6.4
urgency
2.9
incentive
10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.