exploitDog

CVE-2025-45835

Опубликовано: 12 мая 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.

Ссылки

https://github.com/Chinesexilinyu/Netis-WF2880-cgitest.cgi-Null-Pointer-Dereference-Vulnerability/tree/main/1
Exploit
Third Party Advisory
https://github.com/Chinesexilinyu/Netis-WF2880-cgitest.cgi-Null-Pointer-Dereference-Vulnerability/tree/main/1
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:netis-systems:wf2880_firmware:2.1.40207:*:*:*:*:*:*:*

cpe:2.3:h:netis-systems:wf2880:-:*:*:*:*:*:*:*

EPSS

Процентиль: 33%

0.0013

Низкий

7.5 High

CVSS3

Дефекты

CWE-476

Связанные уязвимости

GHSA-gp6q-p5qw-43q6

CVSS3: 7.5

github

9 месяцев назад

A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.

EPSS

Процентиль: 33%

0.0013

Низкий

7.5 High

CVSS3

Дефекты

CWE-476