CVE-2025-50635
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-13
Last updated on: 2025-08-15
Assigner: MITRE
Description
Description
A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netis-systems | wf2780_firmware | 2.2.35445 |
| netis-systems | wf2780 | * |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a null pointer dereference in the Netis WF2780 router firmware version 2.2.35445. It occurs in the FUN_0048a728 function within the cgitest.cgi file. An attacker can exploit this by manipulating the CONTENT_LENGTH variable, which causes the program to crash.
How can this vulnerability impact me? :
Exploiting this vulnerability can cause the affected program to crash, potentially resulting in a denial-of-service (DoS) condition where the device becomes unavailable or unresponsive.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70