CVE-2025-3759

Endpoint/cgi-bin-igd/netcore_set.cgiwhich is used for changing device configuration is accessible without authentication. This poses a significant security threat allowing for e.g: administrator account hijacking or AP password changing.
The vendor was contacted early about this disclosure but did not respond in any way.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
UNKNOWN
---
CERT-PLCNA
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Common Weakness Enumeration
References
https://cert.pl/en/posts/2025/05/CVE-2025-3758
https://cert.pl/posts/2025/05/CVE-2025-3758