Chinesexilinyu

**Name of the Vulnerable Software and Affected Versions** Netis WF2880 version 2.1.40207 **Description** A null pointer dereference issue was discovered. The issue exists in the `FUN 004904c8` function of the `cgitest.cgi` file. Attackers can trigger this issue by controlling the environment variable value `CONTENT LENGTH`, causing the program to crash and potentially leading to a denial-of-service (DoS) attack. **Recommendations** For Netis WF2880 version 2.1.40207, as a temporary workaround, consider restricting access to the `cgitest.cgi` file or disabling the `FUN 004904c8` function until a patch is available. Avoid using the `CONTENT LENGTH` environment variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.