Vulnerability in Netis Wf-2404
CVE-2025-2919
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime…
EPSS: 0.001 (26.2th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.8 (Medium). Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Netis Wf-2404 — versions 1.1.124EN
Weakness classification (CWE)
References
- VDB-301894 | Netis WF-2404 UART hardware allows activation of test or debug logic at runtime (vdb-entry)
- VDB-301894 | CTI Indicators (IOB, IOC) (signature, permissions-required)
- Submit #521036 | Netis WF-2404 Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Hardware Allows Activation of Test or Debug Logic at Runtime (third-party-advisory)
- scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with (exploit)
Frequently asked questions
- What is CVE-2025-2919?
- CVE-2025-2919 is a medium-severity vulnerability in Netis Wf-2404, classified under CWE-1313. CVSS score: 6.8/10. Published 2025-03-28.
- How severe is CVE-2025-2919?
- Medium severity. CVSS v3 base score is 6.8 out of 10.