Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-3758

WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way.

Published

2025-05-08T10:15:18.017

Last Modified

2025-10-03T09:15:37.933

Status

Awaiting Analysis

Source

[email protected]

Severity

Weaknesses

Type: Secondary
CWE-256
CWE-306

Affected Vendors & Products

References

https://cert.pl/en/posts/2025/05/CVE-2025-3758 ([email protected])
https://cert.pl/posts/2025/05/CVE-2025-3758 ([email protected])