PT-2025-13558 · Netis · Netis Wf-2404

Scoozi

Published

2025-03-28

Updated

2025-03-29

CVE-2025-2920

CVSS v2.0

1.2

Low

Vector

AV:L/AC:H/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Netis WF-2404 version 1.1.124EN

Description A vulnerability was found in the processing of the file /etc/passwd, which leads to the use of a weak hash. The complexity of an attack is rather high, and the exploitation is known to be difficult. However, the exploit has been disclosed to the public and may be used. The attack can be launched on the physical device.

Recommendations For Netis WF-2404 version 1.1.124EN, as a temporary workaround, consider restricting access to the /etc/passwd file until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of a Broken Cryptographic Algorithm

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-327CWE-328

Related Identifiers

CVE-2025-2920

Affected Products

Netis Wf-2404

PT-2025-13558 · Netis · Netis Wf-2404

CVE-2025-2920

Weakness Enumeration

Related Identifiers

Affected Products

References · 9