CVE-2025-26065 is a cross-site scripting (XSS) vulnerability identified in Intelbras RX1500 version 2.2.9 and RX3000 version 1.0.11. The vulnerability arises from insufficient input validation and output encoding in the web interface of these devices, specifically when processing the SSID (name) of visiting Wi-Fi networks. An attacker can craft a malicious payload embedded within the Wi-Fi network name, which, when processed and displayed by the device's web management interface, executes arbitrary JavaScript or HTML code. This type of reflected or stored XSS attack can lead to unauthorized actions such as session hijacking, credential theft, or injection of malicious content into the device’s web interface. The vulnerability requires no authentication or user interaction, and the attack vector is network-based, meaning an attacker only needs to broadcast a malicious SSID within wireless range of the device. The CVSS v3.1 base score is 7.3, indicating high severity, with metrics showing network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and impacts on confidentiality, integrity, and availability (C:L/I:L/A:L). No patches are currently linked, and no exploits are known to be active in the wild, but the vulnerability is publicly disclosed and should be addressed promptly. The CWE classification is CWE-79, which covers improper neutralization of input during web page generation leading to XSS.

For European organizations, this vulnerability poses a significant risk to the security of wireless network infrastructure managed by Intelbras RX1500 and RX3000 devices. Exploitation could lead to unauthorized access to device management interfaces, enabling attackers to alter configurations, intercept sensitive data, or pivot into internal networks. Confidentiality is at risk due to potential data leakage through script execution; integrity may be compromised by unauthorized changes to device settings or injected malicious content; availability could be affected if attackers disrupt device operations or cause denial of service. Sectors such as government, finance, healthcare, and critical infrastructure that rely on secure Wi-Fi connectivity are particularly vulnerable. The lack of authentication and user interaction requirements increases the likelihood of exploitation in environments where these devices are deployed. Additionally, the vulnerability could be leveraged as a foothold for broader network attacks or espionage campaigns targeting European entities.

Organizations should immediately inventory their network devices to identify Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 models. Until official patches are released, administrators should implement strict filtering and sanitization of SSIDs allowed in the wireless environment, potentially disabling the display of visiting Wi-Fi network names in the device interface if configurable. Network segmentation and access controls should be enforced to limit exposure of management interfaces to untrusted networks. Monitoring and logging of web interface access should be enhanced to detect suspicious activities indicative of exploitation attempts. Employing web application firewalls (WAFs) or intrusion detection systems (IDS) capable of detecting XSS payloads targeting these devices can provide additional defense layers. Once Intelbras releases security updates, prompt application of patches is critical. Additionally, educating staff about the risks of connecting to untrusted Wi-Fi networks and the implications of rogue SSIDs can reduce attack surface. Consider replacing vulnerable devices with models that have robust input validation and security features if patching is delayed.