7.2

CVE-2025-2919

Exploit
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netis-systemsNetis Wf-2404 Firmware Version1.1.124en
   Netis-systemsNetis Wf-2404 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.236
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 6.8 0.9 5.9
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 7 0 0
CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-1313 Hardware Allows Activation of Test or Debug Logic at Runtime

During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.

CWE-489 Active Debug Code

The product is deployed to unauthorized actors with debugging code still enabled or active, which can create unintended entry points or expose sensitive information.

https://vuldb.com/?id.301894
Third Party Advisory
VDB Entry
https://vuldb.com/?ctiid.301894
VDB Entry
Permissions Required
https://vuldb.com/?submit.521036
Third Party Advisory
VDB Entry