WF2780
by Netis
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-1617 | Low | 0.16 | 2.4 | 0.00 | Feb 24, 2025 | A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads to cross site scripting. It is possible to initiate the attack remotely. The… | ||
| CVE-2021-26747 | 0.02 | — | 0.54 | Feb 18, 2021 | Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution. | |||
| CVE-2024-25850 | 0.01 | — | 0.19 | Feb 22, 2024 | Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter | |||
| CVE-2025-50635 | 0.00 | — | 0.00 | Aug 13, 2025 | A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash… | |||
| CVE-2024-25851 | 0.00 | — | 0.02 | Feb 22, 2024 | Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi. |
- risk 0.16cvss 2.4epss 0.00
A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads to cross site scripting. It is possible to initiate the attack remotely. The…
- CVE-2021-26747Feb 18, 2021risk 0.02cvss —epss 0.54
Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
- CVE-2024-25850Feb 22, 2024risk 0.01cvss —epss 0.19
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter
- CVE-2025-50635Aug 13, 2025risk 0.00cvss —epss 0.00
A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash…
- CVE-2024-25851Feb 22, 2024risk 0.00cvss —epss 0.02
Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi.