CVE-2025-45835

Name of the Vulnerable Software and Affected Versions Netis WF2880 version 2.1.40207

Description A null pointer dereference issue was discovered. The issue exists in the FUN 004904c8 function of the cgitest.cgi file. Attackers can trigger this issue by controlling the environment variable value CONTENT LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.

Recommendations For Netis WF2880 version 2.1.40207, as a temporary workaround, consider restricting access to the cgitest.cgi file or disabling the FUN 004904c8 function until a patch is available. Avoid using the CONTENT LENGTH environment variable in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.