netis-systems 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk memory corruption、vendor risk csrf、パス処理の欠陥, and vendor risk input validation があり、vendor surface production workloads の利用場面で vendor impact session compromise、vendor impact unexpected behavior, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-50617 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046ed68 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wps_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-15 |
| CVE-2025-50616 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_0046f984 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_advanced_set in the payload, which can cause the program to crash and lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-15 |
| CVE-2025-50615 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00470c50 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_mac_filter_set in the payload, which can cause the program to crash and lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-15 |
| CVE-2025-50614 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_0047151c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-14 |
| CVE-2025-50613 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-18 |
| CVE-2025-50612 | A buffer overflow vulnerability has been discovered in the Netis WF2880 v2.1.40207 in the FUN_004743f8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set in the payload, which may cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-18 |
| CVE-2025-50611 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00473154 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_sec_set_5g and wl_sec_rp_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-15 |
| CVE-2025-50610 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00476598 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set_5g in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-15 |
| CVE-2025-50609 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the Function_00465620 of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of specify_parame in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-15 |
| CVE-2025-50608 | A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00471994 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wl_base_set in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-15 |
| CVE-2025-50635 | A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack. | [email protected] | 7.5 | 0.05% | 2025-08-13 | 2025-08-15 |
| CVE-2025-45835 | A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack. | [email protected] | 7.5 | 0.40% | 2025-05-12 | 2025-07-09 |
| CVE-2025-2921 | A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of default password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in a | [email protected] | 5.4 | 0.08% | 2025-03-28 | 2025-04-17 |
| CVE-2025-2919 | A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 7.0 | 0.11% | 2025-03-28 | 2025-04-17 |
| CVE-2024-33793 | netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the ping test page. | [email protected] | 5.3 | 0.12% | 2024-05-03 | 2025-06-17 |
| CVE-2024-33792 | netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary OS commands via a crafted payload to the tracert page. | [email protected] | 9.8 | 1.07% | 2024-05-03 | 2025-06-17 |
| CVE-2024-33791 | A cross-site scripting (XSS) vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function. | [email protected] | 4.6 | 0.25% | 2024-05-03 | 2025-06-17 |
| CVE-2024-25851 | Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi. | [email protected] | 8.0 | 0.38% | 2024-02-22 | 2025-04-03 |
| CVE-2024-25850 | Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter | [email protected] | 9.8 | 13.15% | 2024-02-22 | 2025-04-03 |
| CVE-2024-22729 | NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page. | [email protected] | 9.8 | 91.17% | 2024-01-25 | 2025-06-04 |