Primary

Context

Netis WF2880 Buffer Overflow Vulnerability in cgitest.cgi Allowing Denial-of-Service

Vulnerability

Patched

A buffer overflow vulnerability has been identified in the Netis WF2880 router, specifically in the v2.1.40207 firmware. The issue arises in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can exploit this vulnerability by manipulating the wps_set value in the payload, leading to program crashes and potential Denial-of-Service (DoS) conditions.

Impact

Exploitation of this vulnerability causes a program crash, creating a Denial-of-Service condition.

Reproduction

The vulnerability can be reproduced by sending a payload with a crafted wps_set value, which overrides the buffer limit and causes a buffer overflow. This can be done after uploading the cgitest.cgi file to the router and executing it with QEMU.

Added: Aug 13, 2025, 9:16 PM

Updated: Aug 13, 2025, 9:16 PM

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

2.6

impact

2.5

exploitability

9.1

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

9.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netis WF2880 Buffer Overflow Vulnerability in cgitest.cgi Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

Netis WF2880

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating