Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

wf2780_firmware

Source -

ADPNVD

CNA CVEs -

0

ADP CVEs -

2

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2025-50635
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.05% / 14.92%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 00:00
Updated-15 Aug, 2025 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-wf2780wf2780_firmwaren/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2024-25850
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-10.45% / 92.93%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 00:00
Updated-03 Apr, 2025 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-wf2780_firmwarewf2780n/awf2780_firmware
CWE ID-CWE-77
Improper Neutralization of Special Elements used in a Command ('Command Injection')
CVE-2024-25851
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8||HIGH
EPSS-0.38% / 58.83%
||
7 Day CHG~0.00%
Published-22 Feb, 2024 | 00:00
Updated-03 Apr, 2025 | 13:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-wf2780_firmwarewf2780n/awf2780_firmware
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2021-26747
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-24.40% / 95.89%
||
7 Day CHG~0.00%
Published-18 Feb, 2021 | 20:55
Updated-03 Aug, 2024 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.

Action-Not Available
Vendor-n/aNetis Systems Co., Ltd.
Product-wf2780wf2411wf2411_firmwarewf2780_firmwaren/a
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')