VYPR

WF2419

by Netis

CVEs (7)

  • CVE-2018-6391HigJan 29, 2018
    risk 0.57cvss 8.8epss 0.01

    A cross-site request forgery web vulnerability has been discovered on Netis WF2419 V2.2.36123 devices. A remote attacker is able to delete Address Reservation List settings.

  • CVE-2018-6190MedJan 24, 2018
    risk 0.38cvss 5.4epss 0.02

    Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.

  • CVE-2018-5967MedJan 25, 2018
    risk 0.35cvss 5.4epss 0.01

    Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter on the Bandwidth Control Rule Settings page.

  • CVE-2019-19356KEVFeb 7, 2020
    risk 0.19cvss epss 0.28

    Netis WF2419 is vulnerable to authenticated Remote Code Execution (RCE) as root through the router Web management page. The vulnerability has been found in firmware version V1.2.31805 and V2.2.36123. After one is connected to this page, it is possible to execute system commands…

  • CVE-2025-9119LowAug 18, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting. Remote…

  • CVE-2019-8985Feb 21, 2019
    risk 0.05cvss epss 0.13

    On Netis WF2411 with firmware 2.1.36123 and other Netis WF2xxx devices (possibly WF2411 through WF2880), there is a stack-based buffer overflow that does not require authentication. This can cause denial of service (device restart) or remote code execution. This vulnerability…

  • CVE-2021-26747Feb 18, 2021
    risk 0.02cvss epss 0.54

    Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.