Primary

Context

Netis WF2780 Null Pointer Dereference Vulnerability in cgitest.cgi Allowing Denial-of-Service

Vulnerability

Patched

A null pointer dereference vulnerability has been identified in the Netis WF2780 router, specifically in the firmware version 2.2.35445. The issue arises in the FUN_0048a728 function within the cgitest.cgi file. Attackers can exploit this vulnerability by manipulating the CONTENT_LENGTH environment variable, leading to a program crash and causing a denial-of-service (DoS) condition.

Impact

Exploitation of this vulnerability causes a null pointer dereference, leading to a program crash and a denial-of-service condition.

Reproduction

The vulnerability can be reproduced by setting the CONTENT_LENGTH environment variable to a negative value, which triggers the null pointer dereference in the cgitest.cgi file.

Added: Sep 1, 2025, 7:22 PM

Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

7.2

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

2.5

exploitability

7.2

remediation

7.7

relevance

0.3

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Netis WF2780 Null Pointer Dereference Vulnerability in cgitest.cgi Allowing Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

Netis WF2780

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating