
CVE-2025-1617 – Netis WF2780 Wireless 2.4G Menu cross site scripting
https://notcve.org/view.php?id=CVE-2025-1617
24 Feb 2025 — A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads to cross site scripting. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. • https://vuldb.com/?ctiid.296607 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-25850
https://notcve.org/view.php?id=CVE-2024-25850
22 Feb 2024 — Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter. • https://github.com/no1rr/Vulnerability/blob/master/netis/igd_wps_set_wps_ap_ssid5g.md • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CVE-2024-25851
https://notcve.org/view.php?id=CVE-2024-25851
22 Feb 2024 — Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi. • https://github.com/no1rr/Vulnerability/blob/master/netis/other_para_config_sequence.md • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2021-26747
https://notcve.org/view.php?id=CVE-2021-26747
18 Feb 2021 — Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. • http://www.netis-systems.com.tw • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')