CVE-2025-67448
Deferred Deferred - Pending Action
Stored XSS in Neterbit NW-431F Router

Publication date: 2026-06-04

Last updated on: 2026-06-04

Assigner: MITRE

Description
The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the context of the victim's browser when the message is viewed.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-04
Last Modified
2026-06-04
Generated
2026-06-25
AI Q&A
2026-06-04
EPSS Evaluated
2026-06-23
NVD
CVE-2025-67448
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
neterbit nw-431f_router to 20241014-IR03 (inc)
neterbit nw-431f_router to nw-431f-20241014-ir03 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability in the SMS module of the Neterbit NW-431F Router allows stored cross-site scripting (XSS) attacks, which can lead to unauthorized data access by executing malicious scripts in the victim's browser.

Such unauthorized access and potential data leakage could negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

However, no specific information about compliance impact or mitigation measures related to these standards is provided in the available resources.

Executive Summary

CVE-2025-67448 is a Stored Cross Site Scripting (XSS) vulnerability in the SMS module of the Neterbit NW-431F Router (software version NW-431F-20241014-IR03 and before). The vulnerability occurs because the application does not properly sanitize user input in SMS messages before storing and displaying them.

An attacker can exploit this by sending an SMS containing a malicious XSS payload. When the victim views the message, the malicious script executes in the context of their browser.

Impact Analysis

This vulnerability can lead to unauthorized data access because the malicious script can execute in the victim's browser context.

  • An attacker could steal sensitive information such as cookies or session tokens.
  • It may allow attackers to perform actions on behalf of the victim within the router's web interface.
Detection Guidance

This vulnerability can be detected by monitoring SMS messages sent to the Neterbit NW-431F Router for suspicious or malicious content that includes potential XSS payloads, such as embedded scripts.

Since the vulnerability involves stored XSS in the SMS module, detection involves inspecting SMS message contents for script tags or suspicious JavaScript code.

No specific commands or automated detection tools are provided in the available resources.

Mitigation Strategies

Immediate mitigation steps include avoiding viewing SMS messages on the vulnerable router interface to prevent execution of malicious scripts.

Since no fixed software version is currently available, consider restricting access to the router's SMS module or disabling SMS functionality if possible.

Implement network-level filtering to block suspicious SMS messages containing potential XSS payloads.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-67448. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart