CVE-2025-45835

HIGH Year: 2025
CVSS v3 Score
7.5
High
Weakness Type
CWE-476
View all →

Vulnerability Description

A null pointer dereference vulnerability was discovered in Netis WF2880 v2.1.40207. The vulnerability exists in the FUN_004904c8 function of the cgitest.cgi file. Attackers can trigger this vulnerability by controlling the environment variable value CONTENT_LENGTH, causing the program to crash and potentially leading to a denial-of-service (DoS) attack.

Related Vulnerabilities

CVE-1999-0052

HIGH
CVSS:7.5(High)

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

CWE-4761999

CVE-2002-0401

HIGH
CVSS:7.5(High)

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL point...

CWE-4762002

CVE-2002-1912

HIGH
CVSS:7.5(High)

SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exceptio...

CWE-4762002

CVE-2003-1000

HIGH
CVSS:7.5(High)

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

CWE-4762003

CVE-2003-1013

HIGH
CVSS:7.5(High)

The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

CWE-4762003

CVE-2004-0079

HIGH
CVSS:7.5(High)

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null ...

CWE-4762004