cbcvebase.

Netis-Systems Wf2780 Firmware vulnerabilities

4 known vulnerabilities affecting netis-systems/wf2780_firmware.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2

Vulnerabilities

Page 1 of 1
CVE-2021-26747P2CRITICALCVSS 9.8v2.3.404042021-02-18
CVE-2021-26747 [CRITICAL] CWE-78 CVE-2021-26747: Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the pin Netis WF2780 2.3.40404 and WF2411 1.1.29629 devices allow Shell Metacharacter Injection into the ping command, leading to remote code execution.
nvd
CVE-2024-25850P2CRITICALCVSS 9.8v2.1.401442024-02-22
CVE-2024-25850 [CRITICAL] CWE-77 CVE-2024-25850: Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_s Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter
nvd
CVE-2024-25851P3HIGHCVSS 8.0v2.1.401442024-02-22
CVE-2024-25851 [HIGH] CWE-78 CVE-2024-25851: Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_s Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi.
nvd
CVE-2025-50635P3HIGHCVSS 7.5v2.2.354452025-08-13
CVE-2025-50635 [HIGH] CWE-476 CVE-2025-50635: A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerabilit A null pointer dereference vulnerability was discovered in Netis WF2780 v2.2.35445. The vulnerability exists in the FUN_0048a728 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the CONTENT_LENGTH variable, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.
nvd
Netis-Systems Wf2780 Firmware vulnerabilities | cvebase