CVE-2025-55976
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-10

Last updated on: 2025-10-17

Assigner: MITRE

Description
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-10
Last Modified
2025-10-17
Generated
2026-06-16
AI Q&A
2025-09-10
EPSS Evaluated
2026-06-15
NVD
CVE-2025-55976
EUVD
EUVD-2025-27603
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
intelbras iwr_3000n_firmware to 1.9.8 (inc)
intelbras iwr_3000n *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-200 The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-319 The product transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability in Intelbras IWR 3000N router firmware version 1.9.8 allows any unauthenticated user on the local network to access the /api/wireless endpoint and retrieve the Wi-Fi password in plaintext. This happens because the API endpoint returns the Wi-Fi password within a JSON response without requiring any login or authentication, exposing sensitive information to unauthorized users. [1]

Impact Analysis

This vulnerability can lead to unauthorized access to your Wi-Fi network by anyone connected to the local network. Attackers can use the exposed password to connect to your network, perform lateral movement, network pivoting, Man-in-the-Middle (MitM) attacks, internal network sniffing, and potentially fully compromise your wireless network security. [1]

Detection Guidance

You can detect this vulnerability by sending an unauthenticated HTTP GET request to the /vl/interface/wireless endpoint on the Intelbras IWR 3000N router within your local network. For example, using curl: curl http://<router-ip>/vl/interface/wireless. If the response JSON contains fields like "key" or "key1" with the Wi-Fi password in plaintext, the device is vulnerable. [1]

Mitigation Strategies

Immediate mitigation steps include restricting access to the router's management interface to trusted devices only, monitoring the network for unknown clients to detect unauthorized access, and replacing the device or updating its firmware once an official fix is released. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-55976. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart