
CVE-2025-26064: n/a

High
Tags: Vulnerability, CVE-2025-26064, cve, cve-2025-26064
Published: Thu Jul 31 2025 (07/31/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the name of a connected device.

AI-Powered Analysis

Last updated: 11/04/2025, 02:25:07 UTC

Technical Analysis

CVE-2025-26064 is a cross-site scripting (XSS) vulnerability identified in Intelbras RX1500 version 2.2.9 and RX3000 version 1.0.11 network devices. The vulnerability arises from insufficient input sanitization of the 'name' field for connected devices, allowing an attacker to inject crafted HTML or JavaScript payloads. When a malicious payload is injected, it executes in the context of the device's web management interface, potentially enabling attackers to hijack sessions, steal sensitive information, or manipulate device settings. The vulnerability does not require any authentication or user interaction, increasing its exploitability. The CVSS v3.1 base score is 7.3, reflecting network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:L/I:L/A:L). Although no public exploits have been reported yet, the vulnerability's characteristics make it a viable target for attackers aiming to compromise network infrastructure. Intelbras devices are commonly used in small to medium enterprises and some critical infrastructure environments, making this vulnerability relevant for organizations relying on these products. The lack of available patches at the time of publication necessitates immediate mitigation efforts to reduce exposure.

Potential Impact

For European organizations, exploitation of CVE-2025-26064 could lead to unauthorized access to device management interfaces, enabling attackers to intercept or manipulate network traffic, steal credentials, or disrupt network operations. This is particularly concerning for sectors such as telecommunications, government, healthcare, and critical infrastructure where Intelbras devices may be deployed. The vulnerability's ability to affect confidentiality, integrity, and availability simultaneously could result in data breaches, operational downtime, and loss of trust. Given the network-accessible nature of the devices and no requirement for authentication, attackers could exploit this vulnerability remotely, increasing the risk of widespread impact. Organizations with inadequate network segmentation or exposed management interfaces are especially vulnerable. The absence of known exploits currently provides a window for proactive defense, but the potential for rapid weaponization remains high.

Mitigation Recommendations

1. Immediately restrict access to the web management interfaces of Intelbras RX1500 and RX3000 devices by implementing network segmentation and firewall rules limiting access to trusted IP addresses only.
2. Employ web application firewalls (WAFs) or intrusion prevention systems (IPS) capable of detecting and blocking XSS payloads targeting device management interfaces.
3. Monitor network traffic and device logs for unusual activity or unexpected input in device name fields.
4. Disable or limit the ability to rename connected devices remotely if possible until a patch is available.
5. Engage with Intelbras support channels to obtain official patches or firmware updates addressing this vulnerability as soon as they are released.
6. Educate network administrators on the risks of XSS vulnerabilities and the importance of validating input fields in device management portals.
7. Conduct regular security assessments and penetration tests focusing on network device interfaces to detect similar vulnerabilities proactively.
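One way to carry out the monitoring of device name fields recommended above, as an added example that is not code from Intelbras or from this page: it audits an exported inventory of connected devices and flags names that contain HTML-significant characters or that are not valid RFC 1123 hostnames, returning each flagged name HTML-escaped so it can be shown safely in a report. The `(MAC, name)` input shape, the function names and the sample inventory are assumptions constructed for illustration.

```python
import html
import re

# One RFC 1123 hostname label: letters, digits, hyphen; no leading/trailing hyphen.
LABEL_RE = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
# Characters that change meaning when a name is written into HTML unescaped.
MARKUP_CHARS = set("<>\"'&`")


def classify_name(name):
    """Return 'ok', 'nonstandard' or 'markup' for a reported device name."""
    if any(ch in MARKUP_CHARS for ch in name):
        return "markup"
    labels = name.split(".")
    if len(name) > 253 or not all(LABEL_RE.fullmatch(l) for l in labels):
        return "nonstandard"
    return "ok"


def audit_devices(devices):
    """Return (mac, verdict, escaped_name) for every name that is not 'ok'."""
    findings = []
    for mac, name in devices:
        verdict = classify_name(name)
        if verdict != "ok":
            # Escape before the name goes into any report or ticket.
            findings.append((mac, verdict, html.escape(name, quote=True)))
    return findings


# Constructed sample inventory (hypothetical export of connected devices).
SAMPLE_DEVICES = [
    ("02:00:00:00:00:01", "laptop-anna"),
    ("02:00:00:00:00:02", "printer.office"),
    ("02:00:00:00:00:03", "<b>tv</b>"),
    ("02:00:00:00:00:04", "living room cam"),
    ("02:00:00:00:00:05", 'cam"><i>'),
]

if __name__ == "__main__":
    for mac, verdict, shown in audit_devices(SAMPLE_DEVICES):
        print(f"{mac}  {verdict:<11}  {shown}")
```

A `markup` verdict is the one to investigate first; `nonstandard` names are often legitimate (spaces, Unicode) but are still worth reviewing while no patch is available.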


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2025-02-07T00:00:00.000Z
Cvss Version: null
State: PUBLISHED

Threat ID: 688bbde8ad5a09ad00bba87d

Added to database: 7/31/2025, 7:03:04 PM

Last enriched: 11/4/2025, 2:25:07 AM

Last updated: 12/3/2025, 4:11:23 PM

Views: 64
