6.4

CVE-2025-2921

Exploit
A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of default password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netis-systemsNetis Wf-2404 Firmware Version1.1.124en
   Netis-systemsNetis Wf-2404 Version-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.08% 0.244
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
cna@vuldb.com 5.4 0 0
CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com 6.4 0.5 5.9
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 6.2 1.9 10
AV:L/AC:H/Au:N/C:C/I:C/A:C
CWE-1393 Use of Default Password

The product uses default passwords for potentially critical functionality.

https://vuldb.com/?ctiid.301896
VDB Entry
Permissions Required
https://vuldb.com/?id.301896
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.521038
Third Party Advisory
VDB Entry