CVE-2025-9119 | Netis WF2419 1.2.29433 Wireless Settings Page /index.htm SSID cross site scripting

A vulnerability identified as problematic has been detected in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting.

This vulnerability is registered as CVE-2025-9119. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-9119 | Netis WF2419 1.2.29433 Wireless Settings Page /index.htm SSID cross site scripting

Post correlati

CVE-2023-27150 | openCRX 5.2.0 Manage Activity Name cross site scripting

CVE-2024-28134 | Phoenix Contact CHARX SEC-3150 up to 1.5.1 Session Token cleartext transmission (VDE-2024-019)

CVE-2025-7165 | PHPGurukul/Campcodes Cyber Cafe Management System 1.0 /forgot-password.php email sql injection

CVE-2024-34203 | Totolink CP450 4.1.0cu.747_B20191224 setLanguageCfg stack-based overflow