CRITICAL🇵🇱 Wersja polska

CVE-2025-67446

CVSS 9.8v3.1pub. 2026-06-04

Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value (e.g., setting it to "admin"), an attacker can bypass the authentication schema and gain unauthorized access to admin functionalities.

🤖 AI Analysis
How it works

The router implements authentication based on cookie values; however, this value is weak and predictable. An attacker can manually modify the cookie value in an HTTP request — for example, by setting it to the string 'admin' — causing the system to treat such a request as coming from an authenticated administrator. The authentication mechanism does not securely verify user identity, relying solely on an easily guessable session value (CWE-384: Session Fixation).

Impact

An unauthenticated remote attacker can gain full access to the router's administrative panel, enabling network configuration changes, network traffic interception, and compromise of the confidentiality, integrity, and availability of the device and the supported network.

Mitigation & patch

Apply patches available from the manufacturer according to the references. Until patching, it is recommended to restrict access to the router's administrative panel only to trusted IP addresses or local network, and disable remote management through the network interface.

Who is affected

Neterbit NW-431F Router firmware version 20241014-IR03 and earlier

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References