Filtered by vendor Neterbit
Subscriptions
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-67446 | 1 Neterbit | 1 Nw-431f Router | 2026-06-05 | 9.8 Critical |
| Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value (e.g., setting it to "admin"), an attacker can bypass the authentication schema and gain unauthorized access to admin functionalities. | ||||
| CVE-2025-67447 | 1 Neterbit | 1 Nw-431f Router | 2026-06-05 | 9.8 Critical |
| The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands, which will be executed with the privileges of the web server. | ||||
| CVE-2025-67448 | 1 Neterbit | 1 Nw-431f Router | 2026-06-05 | 7.1 High |
| The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the context of the victim's browser when the message is viewed. | ||||
| CVE-2025-69755 | 1 Neterbit | 1 Nw-431f Router | 2026-06-05 | 8.2 High |
| An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface | ||||
Page 1 of 1.