CVE-2025-69755
Remote Code Execution in Neterbit NW-431F Router
Publication date: 2026-06-04
Last updated on: 2026-06-04
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| neterbit | nw-431f_router | to nw-431f-20241014-ir03 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability in the Neterbit NW-431F Router allows a remote attacker to obtain sensitive information and execute arbitrary code without authentication. This unauthorized access to sensitive data could potentially lead to violations of data protection regulations such as GDPR and HIPAA, which require strict controls over access to personal and sensitive information.
Since the vulnerability enables exposure of sensitive information, organizations using the affected router may face compliance risks related to confidentiality and data integrity mandates under these standards.
What immediate steps should I take to mitigate this vulnerability?
Since no fixed version of the software is currently available, immediate mitigation steps include restricting access to the router's web interface, especially the at_command.asp page, to trusted users only.
Ensure that the router is not exposed to untrusted networks or the internet to prevent remote attackers from sending crafted commands.
Monitor network traffic for suspicious activity targeting the at_command.asp interface and consider disabling or limiting features that allow command execution if possible.
Stay updated with vendor announcements for patches or firmware updates addressing this vulnerability.
Can you explain this vulnerability to me?
CVE-2025-69755 is a security vulnerability in the Neterbit NW-431F Router, specifically in the software version NW-431F-20241014-IR03. It allows a remote attacker to send specially crafted commands to the router's at_command.asp interface without needing authentication or authorization.
By exploiting this flaw, the attacker can obtain sensitive information and execute arbitrary code on the router. For example, they can send AT commands like AT+CMGL="ALL" to read SMS messages or perform other unauthorized actions.
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized access to sensitive information stored or processed by the router.
Additionally, an attacker can execute arbitrary code remotely, potentially taking control of the router, disrupting network operations, intercepting communications, or using the device as a foothold for further attacks within the network.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to access the router's at_command.asp interface and sending crafted AT commands to check for unauthorized execution.
For example, you can try accessing the router's webpage at http://192.168.1.1/at_command.asp and send commands such as AT+CMGL="ALL" to see if the router executes them without proper authentication.
- Access the router's at_command.asp interface via the URL: http://192.168.1.1/at_command.asp
- Send AT commands like AT+CMGL="ALL" to check if the router responds or executes the commands.
- Monitor for unauthorized execution or retrieval of sensitive information such as SMS messages.