CVE-2025-67446

CVSS v3.1

9.8

Critical

Vector

AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N

Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value (e.g., setting it to "admin"), an attacker can bypass the authentication schema and gain unauthorized access to admin functionalities.

Exploit

Fix

Session Fixation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384

Related Identifiers

CVE-2025-67446

Affected Products

Undefined

CVE-2025-67446

Weakness Enumeration

Related Identifiers

Affected Products

References · 3