CVE-2025-26065 is a cross-site scripting (XSS) vulnerability identified in Intelbras RX1500 version 2.2.9 and RX3000 version 1.0.11 devices. The vulnerability arises from improper sanitization of user-controllable input, specifically the name of a visiting Wi-Fi network (SSID). An attacker can craft a malicious payload embedded within the SSID name, which when processed by the device's web interface, leads to execution of arbitrary web scripts or HTML code. This type of XSS vulnerability enables attackers to perform actions such as session hijacking, defacement of the web interface, or redirection to malicious sites. The vulnerability affects the web management interface of the affected Intelbras devices, which are typically used as network routers or access points. No CVSS score has been assigned yet, and there are no known exploits in the wild at the time of publication. The lack of patch links suggests that a fix may not yet be available, or it has not been publicly disclosed. The vulnerability was reserved in early 2025 and published in August 2025, indicating it is a recent discovery. Since the attack vector involves injecting malicious scripts via the SSID name, exploitation requires the attacker to be within wireless range to broadcast the malicious SSID or to trick an administrator into interacting with the crafted network name through the device's web interface. The vulnerability could be leveraged to compromise the confidentiality and integrity of the device's management session, potentially leading to further network compromise if administrative credentials or session tokens are stolen or manipulated.

For European organizations using Intelbras RX1500 and RX3000 devices, this vulnerability poses a risk primarily to network infrastructure security. Successful exploitation could allow attackers to execute arbitrary scripts within the context of the device's web management interface, potentially leading to unauthorized access or control over the device. This could result in network disruption, interception of sensitive network management data, or pivoting attacks within the internal network. Given that many organizations rely on secure and stable network devices, this vulnerability could undermine trust in network integrity and availability. The impact is heightened in environments where these devices are used in critical infrastructure, enterprise networks, or public-facing Wi-Fi deployments. Additionally, since exploitation requires proximity or interaction with the device's management interface, organizations with physical security controls and strict network management policies may reduce risk, but those with exposed or poorly secured management interfaces are more vulnerable. The absence of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits following public disclosure.

To mitigate this vulnerability, European organizations should first verify if they are using the affected Intelbras RX1500 v2.2.9 or RX3000 v1.0.11 firmware versions. If so, they should monitor Intelbras communications for patches or firmware updates addressing CVE-2025-26065 and apply them promptly once available. In the interim, organizations should restrict access to the device's web management interface by implementing network segmentation and access control lists (ACLs) to limit management access to trusted hosts only. Disabling SSID broadcasting of untrusted or unknown networks near the device can reduce the risk of malicious SSID injection. Administrators should avoid connecting to or interacting with suspicious Wi-Fi networks and ensure that web management sessions use secure protocols (HTTPS) with strong authentication. Additionally, network monitoring tools should be configured to detect anomalous SSID names or unusual web interface activity. If possible, disable or limit the display of visiting Wi-Fi network names in the device interface to reduce exposure to malicious payloads. Finally, educating network administrators about the risks of interacting with untrusted wireless networks and the importance of prompt patching is critical.