Description
The WF2220 exposes the endpoint /cgi-bin-igd/netcore_get.cgi, which returns the configuration of the device to unauthorized users. The returned configuration includes a cleartext password. The vendor was contacted early about this disclosure but did not respond in any way.
Scores
CVSS v4: 8.7 (CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
EPSS: 0.0012
EPSS Percentile: 31.1%
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-256, CWE-306
Status: published
Products (1): Netis Systems/WF2220 1.2.31706
Published: May 08, 2025
Tracked Since: Feb 18, 2026