CVE-2025-3758

WF2220 exposes endpoint/cgi-bin-igd/netcore_get.cgithat returns configuration of the device to unauthorized users. Returned configuration includes cleartext password.
The vendor was contacted early about this disclosure but did not respond in any way.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
CERT-PLCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Common Weakness Enumeration
References
https://cert.pl/en/posts/2025/05/CVE-2025-3758
https://cert.pl/posts/2025/05/CVE-2025-3758