CWE-1313
Hardware Allows Activation of Test or Debug Logic at Runtime
During runtime, the hardware allows for test or debug logic (feature) to be activated, which allows for changing the state of the hardware. This feature can alter the intended behavior of the system and allow for alteration and leakage of sensitive data by an adversary.
CVE-2025-2919 (GCVE-0-2025-2919)
Vulnerability from cvelistv5
Published
2025-03-28 17:31
Modified
2025-03-28 17:42
Severity ?
7.0 (High) - CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
VLAI Severity ?
EPSS score ?
CWE
Summary
A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
References
► | URL | Tags | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2025-2919", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-03-28T17:42:22.165899Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-03-28T17:42:25.648Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "modules": [ "UART" ], "product": "WF-2404", "vendor": "Netis", "versions": [ { "status": "affected", "version": "1.1.124EN" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "scoozi (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Netis WF-2404 1.1.124EN. It has been declared as critical. This vulnerability affects unknown code of the component UART. The manipulation leads to hardware allows activation of test or debug logic at runtime. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." }, { "lang": "de", "value": "In Netis WF-2404 1.1.124EN wurde eine Schwachstelle ausgemacht. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Komponente UART. Durch Beeinflussen mit unbekannten Daten kann eine hardware allows activation of test or debug logic at runtime-Schwachstelle ausgenutzt werden. Ein Angriff setzt physischen Zugriff auf dem Zielobjekt voraus. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-1313", "description": "Hardware Allows Activation of Test or Debug Logic at Runtime", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-489", "description": "Active Debug Code", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-28T17:31:05.919Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-301894 | Netis WF-2404 UART hardware allows activation of test or debug logic at runtime", "tags": [ "vdb-entry" ], "url": "https://vuldb.com/?id.301894" }, { "name": "VDB-301894 | CTI Indicators (IOB, IOC)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.301894" }, { "name": "Submit #521036 | Netis WF-2404 Firmware Version: APR-R4A4-V1.1.124EN-Netis(WF-2404),2010.12.14 16:18. Hardware Allows Activation of Test or Debug Logic at Runtime", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.521036" }, { "tags": [ "exploit" ], "url": "https://scoozi.substack.com/p/hacking-a-netis-wf-2404-router-with" } ], "timeline": [ { "lang": "en", "time": "2025-03-28T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2025-03-28T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2025-03-28T12:53:38.000Z", "value": "VulDB entry last update" } ], "title": "Netis WF-2404 UART hardware allows activation of test or debug logic at runtime" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2025-2919", "datePublished": "2025-03-28T17:31:05.919Z", "dateReserved": "2025-03-28T11:48:25.491Z", "dateUpdated": "2025-03-28T17:42:25.648Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Mitigation
Phase: Architecture and Design
Description:
- Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations.
Mitigation
Phase: Implementation
Description:
- Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations.
Mitigation
Phase: Integration
Description:
- Insert restrictions on when the hardware's test or debug features can be activated. For example, during normal operating modes, the hardware's privileged modes that allow access to such features cannot be activated. Configuring the hardware to only enter a test or debug mode within a window of opportunity such as during boot or configuration stage. The result is disablement of such test/debug features and associated modes during normal runtime operations.
CAPEC-121: Exploit Non-Production Interfaces
An adversary exploits a sample, demonstration, test, or debug interface that is unintentionally enabled on a production system, with the goal of gleaning information or leveraging functionality that would otherwise be unavailable.