CVE-2025-2919 — MEDIUM (6.8)

Vulnerability Description

A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Score

6.8

MEDIUM

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Netis-Systems	Netis Wf-2404 Firmware	1.1.124en
Netis-Systems	Netis Wf-2404	-

Related Weaknesses (CWE)

CWE-489 CWE-1313

References

https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-withExploitThird Party Advisory
https://vuldb.com/?ctiid.301894Permissions RequiredVDB Entry
https://vuldb.com/?id.301894Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.521036Third Party AdvisoryVDB Entry
https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-withExploitThird Party Advisory

FAQ

What is CVE-2025-2919?

CVE-2025-2919 is a vulnerability with a CVSS score of 6.8 (MEDIUM). A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activat...

How severe is CVE-2025-2919?

CVE-2025-2919 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-2919?

Check the references section above for vendor advisories and patch information. Affected products include: Netis-Systems Netis Wf-2404 Firmware, Netis-Systems Netis Wf-2404.