CVE-2025-3758 is a high-severity vulnerability affecting the Netis Systems WF2220 router, specifically version 1.2.31706. The vulnerability arises from a missing authentication mechanism on the endpoint /cgi-bin-igd/netcore_get.cgi. This endpoint, when accessed, returns the device's configuration data, including sensitive information such as cleartext passwords, to any unauthorized user without requiring authentication. The lack of authentication (CWE-306) combined with the exposure of sensitive data in cleartext (CWE-256) creates a critical security flaw. An attacker with network access to the device can exploit this vulnerability remotely without any user interaction or privileges, simply by sending a crafted HTTP request to the vulnerable endpoint. This can lead to full compromise of the device, enabling attackers to obtain administrative credentials, manipulate device settings, intercept or redirect network traffic, and potentially pivot into the internal network. The vendor was notified early but failed to respond or provide a patch, leaving the vulnerability unmitigated. The CVSS 4.0 score of 8.7 reflects the high impact on confidentiality, integrity, and availability, with low attack complexity and no required privileges or user interaction. Although no known exploits are reported in the wild yet, the simplicity and severity of the flaw make it a prime target for attackers once publicized.

For European organizations, the impact of this vulnerability is significant. Many enterprises, small businesses, and home offices rely on Netis WF2220 routers for network connectivity. Exploitation could lead to unauthorized disclosure of network credentials and configurations, enabling attackers to intercept sensitive communications, disrupt network operations, or launch further attacks within the corporate network. This is particularly critical for organizations handling sensitive personal data under GDPR, as a breach could result in regulatory penalties and reputational damage. The vulnerability also poses risks to critical infrastructure sectors that use these devices for connectivity, potentially affecting service availability and operational integrity. Since the vulnerability requires only network access and no authentication, attackers could exploit it remotely if the device is exposed to untrusted networks or if internal networks are compromised. The absence of vendor patches increases the risk exposure duration, necessitating immediate mitigation measures by affected organizations.

Given the lack of an official patch, European organizations should implement the following specific mitigations: 1) Immediately isolate vulnerable WF2220 devices from untrusted networks, especially the internet, by disabling remote management and blocking access to the /cgi-bin-igd/netcore_get.cgi endpoint at the network perimeter using firewall rules or intrusion prevention systems. 2) Replace WF2220 devices with alternative routers from vendors with active security support if feasible. 3) If replacement is not possible, restrict device management access strictly to trusted internal networks and trusted administrators using network segmentation and access control lists. 4) Monitor network traffic for suspicious HTTP requests targeting the vulnerable endpoint and implement alerting mechanisms. 5) Conduct regular audits of router configurations and credentials, and change all device passwords immediately to strong, unique values. 6) Educate IT staff about this vulnerability and ensure rapid incident response capabilities are in place. 7) Engage with Netis Systems for updates and consider subscribing to vulnerability intelligence feeds for timely information on any future patches or exploits.