CVE-2025-2921

Name of the Vulnerable Software and Affected Versions Netis WF-2404 version 1.1.124EN

Description A critical issue has been discovered, affecting an unknown function of the file /etc/passwd. The manipulation with the input Realtek leads to the use of a default password. It is possible to launch the attack on the physical device. The complexity of an attack is rather high, and the exploitability is told to be difficult. The exploit has been disclosed to the public and may be used.

Recommendations For Netis WF-2404 version 1.1.124EN, consider changing the default password to a strong, unique password to mitigate the risk of exploitation. As a temporary workaround, restrict physical access to the device until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.