CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2922 – Netis WF-2404 BusyBox Shell cleartext storage
https://notcve.org/view.php?id=CVE-2025-2922
28 Mar 2025 — A vulnerability classified as problematic was found in Netis WF-2404 1.1.124EN. Affected by this vulnerability is an unknown functionality of the component BusyBox Shell. The manipulation leads to cleartext storage of sensitive information. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. • https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with • CWE-310: Cryptographic Issues CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2921 – Netis WF-2404 passwd default password
https://notcve.org/view.php?id=CVE-2025-2921
28 Mar 2025 — A vulnerability classified as critical has been found in Netis WF-2404 1.1.124EN. Affected is an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to use of default password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. • https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont • CWE-1393: Use of Default Password •
CVSS: 2.0EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2920 – Netis WF-2404 passwd weak hash
https://notcve.org/view.php?id=CVE-2025-2920
28 Mar 2025 — A vulnerability was found in Netis WF-2404 1.1.124EN. It has been rated as problematic. This issue affects some unknown processing of the file /еtc/passwd. The manipulation leads to use of weak hash. It is possible to launch the attack on the physical device. • https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-cont • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-328: Use of Weak Hash •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2919 – Netis WF-2404 UART hardware allows activation of test or debug logic at runtime
https://notcve.org/view.php?id=CVE-2025-2919
28 Mar 2025 — A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. • https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with • CWE-489: Active Debug Code CWE-1313: Hardware Allows Activation of Test or Debug Logic at Runtime •