CVE-2025-3758 is a high-severity vulnerability affecting the Netis Systems WF2220 router, specifically version 1.2.31706. The vulnerability arises from a missing authentication mechanism on the endpoint /cgi-bin-igd/netcore_get.cgi. This endpoint returns the device's configuration data, including sensitive information such as cleartext passwords, to any unauthenticated user who accesses it. The lack of authentication (CWE-306) combined with the exposure of sensitive data in cleartext (CWE-311) creates a critical security flaw. An attacker with network access to the device can retrieve configuration details without any credentials or user interaction, potentially allowing them to compromise the device or the network it protects. The vendor was notified early but has not responded or provided a patch, leaving the vulnerability unmitigated. The CVSS 4.0 base score is 8.7, reflecting the high impact on confidentiality, integrity, and availability, with no privileges or user interaction required, and the attack vector being adjacent network (AV:A). This vulnerability is particularly dangerous because it exposes passwords in cleartext, enabling attackers to escalate privileges or pivot within the network. No known exploits are currently reported in the wild, but the simplicity of exploitation and severity make it a significant threat.

For European organizations, this vulnerability poses a substantial risk, especially for those using Netis WF2220 routers in their network infrastructure. The exposure of cleartext passwords can lead to unauthorized access to network devices, allowing attackers to alter configurations, intercept or redirect traffic, or launch further attacks within the corporate network. This can result in data breaches, loss of confidentiality, disruption of services, and potential compliance violations under regulations such as GDPR. Organizations in sectors with critical infrastructure or sensitive data—such as finance, healthcare, and government—are particularly vulnerable. The vulnerability's exploitation could also facilitate lateral movement by attackers, increasing the scope and severity of potential incidents. Since the attack vector is adjacent network, internal networks or Wi-Fi segments where these routers operate are at risk, including remote offices or branch locations. The lack of vendor response and patch availability increases the urgency for organizations to implement compensating controls to mitigate exposure.

Given the absence of an official patch, European organizations should take immediate practical steps to mitigate this vulnerability. First, restrict network access to the affected device's management interfaces by implementing strict firewall rules or VLAN segmentation to limit access to trusted administrators only. Disable remote management features if enabled, or restrict them to secure VPN connections. Monitor network traffic for suspicious requests to the /cgi-bin-igd/netcore_get.cgi endpoint and implement intrusion detection/prevention systems (IDS/IPS) signatures to alert on or block such attempts. Change all default and existing passwords on the device to strong, unique credentials to reduce the risk if partial information is leaked. Consider replacing the affected devices with alternative routers from vendors with active security support if feasible. Additionally, conduct regular network scans to identify devices running the vulnerable firmware version and maintain an updated asset inventory. Educate IT staff about this vulnerability and ensure incident response plans include steps for potential exploitation scenarios. Finally, engage with Netis Systems through official channels to demand a security patch and monitor for any future updates.