CVE-2025-3759

Name of the Vulnerable Software and Affected Versions The product name cannot be determined.

Description The endpoint /cgi-bin-igd/netcore set.cgi is used for changing device configuration and is accessible without authentication, posing a significant security threat. This could allow for administrator account hijacking or AP password changing. The vendor was contacted about this disclosure but did not respond.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.