AI description
CVE-2025-1617 is a cross-site scripting (XSS) vulnerability found in Netis WF2780 router firmware version 2.1.41925. The vulnerability exists within the Wireless 2.4G Menu component and is due to improper handling of the SSID parameter. By manipulating the SSID input, an attacker can inject malicious scripts that execute in the context of other users' browsers. The attack can be launched remotely. Further details about the specific function affected within the Wireless 2.4G Menu are currently unknown. It has been reported that the vendor has been contacted regarding this vulnerability but has not yet responded. Exploitation of this vulnerability is considered easy, and technical details, including a proof-of-concept exploit, are publicly available. It requires additional levels of authentication for successful exploitation.
- Description
- A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads to cross site scripting. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.
- Source
- cna@vuldb.com
- NVD status
- Received
CVSS 4.0
- Type
- Secondary
- Base score
- 4.8
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- MEDIUM
CVSS 3.1
- Type
- Primary
- Base score
- 2.4
- Impact score
- 1.4
- Exploitability score
- 0.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
- Severity
- LOW
CVSS 2.0
- Type
- Secondary
- Base score
- 3.3
- Impact score
- 2.9
- Exploitability score
- 6.4
- Vector string
- AV:N/AC:L/Au:M/C:N/I:P/A:N
- cna@vuldb.com
- CWE-79
- Hype score
- Not currently trending
🚨🚨A new vulnerability, CVE-2025-1617, has been uncovered, targeting the Wireless 2.4G menu on Netis WF2780 routers. Hackers can exploit the "SSID" field with a sneaky Cross-Site Scripting (XSS) attack—yep, your Wi-Fi name could be their way in! 😱 🔥PoC:… https://t.co/u5PeoBMC
@zoomeye_team
24 Feb 2025
593 Impressions
3 Retweets
7 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2025-1617 A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipul… https://t.co/RBOKOHqtVT
@CVEnew
24 Feb 2025
621 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
New post from https://t.co/uXvPWJy6tj (CVE-2025-1617 | Netis WF2780 2.1.41925 Wireless 2.4G Menu SSID cross site scripting) has been published on https://t.co/f8N6YLwaLY
@WolfgangSesin
23 Feb 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes