CVE-2025-3758

Vulnerability Description

WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way.

Related Weaknesses (CWE)

CWE-306 CWE-256

References

https://cert.pl/en/posts/2025/05/CVE-2025-3758
https://cert.pl/posts/2025/05/CVE-2025-3758

FAQ

What is CVE-2025-3758?

CVE-2025-3758 is a documented vulnerability. WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early ...

How severe is CVE-2025-3758?

CVSS scoring is not yet available for CVE-2025-3758. Check NVD for updates.

Is there a patch for CVE-2025-3758?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.