Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-50613

High

7.5/10

Summary

A buffer overflow vulnerability has been discovered in Netis WF2880 v2.1.40207 in the FUN_00475e1c function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the value of wds_key_wep in the payload, which can cause the program to crash and potentially lead to a Denial of Service (DoS) attack.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: HIGH

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

Advisory Timeline

Published Aug 13, 2025

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2025-50613

Summary

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS