Scoozi

**Name of the Vulnerable Software and Affected Versions** Netis WF-2404 version 1.1.124EN **Description** A critical issue affects the UART component, allowing activation of test or debug logic at runtime through physical device manipulation. The vendor was contacted about this disclosure but did not respond. **Recommendations** For Netis WF-2404 version 1.1.124EN, as a temporary workaround, consider restricting physical access to the device to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netis WF-2404 version 1.1.124EN **Description** A vulnerability was found in the processing of the file /etc/passwd, which leads to the use of a weak hash. The complexity of an attack is rather high, and the exploitation is known to be difficult. However, the exploit has been disclosed to the public and may be used. The attack can be launched on the physical device. **Recommendations** For Netis WF-2404 version 1.1.124EN, as a temporary workaround, consider restricting access to the /etc/passwd file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netis WF-2404 version 1.1.124EN **Description** A critical issue has been discovered, affecting an unknown function of the file /etc/passwd. The manipulation with the input `Realtek` leads to the use of a default password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. **Recommendations** For Netis WF-2404 version 1.1.124EN, consider changing the default password to a strong, unique password to mitigate the risk of exploitation. As a temporary workaround, restrict physical access to the device until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Netis WF-2404 version 1.1.124EN **Description** A problematic issue was found in the BusyBox Shell component, leading to cleartext storage of sensitive information. The attack can be launched on the physical device and has a high complexity, making exploitation difficult. The exploit has been publicly disclosed, and the vendor was contacted but did not respond. **Recommendations** For Netis WF-2404 version 1.1.124EN, at the moment, there is no information about a newer version that contains a fix for this issue.