Security Advisory

CVE-2025-3758

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-05-08 10:05:00

Last updated 2025-10-03 08:57:29

Assigner CERT-PL

State PUBLISHED

Description

WF2220 exposes endpoint /cgi-bin-igd/netcore_get.cgi that returns configuration of the device to unauthorized users. Returned configuration includes cleartext password. The vendor was contacted early about this disclosure but did not respond in any way.

← Browse all CVEs View on cve.org ↗