CVE-2025-4996 is a cross-site scripting (XSS) vulnerability identified in Intelbras RF 301K version 1.1.5. The vulnerability arises from improper sanitization of the 'Description' argument within the 'Add Static IP' component of the device's web interface. An attacker can remotely manipulate this parameter to inject malicious scripts, which are then executed in the context of the victim's browser. This type of vulnerability can be exploited without authentication but requires user interaction (such as an administrator or user accessing a crafted URL or interface). The CVSS 4.0 base score is 4.8, indicating a medium severity level. The vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:H indicates high privileges but the vector suggests no privileges needed, possibly a discrepancy), user interaction required (UI:P), and limited impact on confidentiality and integrity. The vulnerability does not affect availability or system control. The vendor was notified early, but no patch links are currently available, and no known exploits are reported in the wild. Given the nature of the device (Intelbras RF 301K is a network device, likely a router or similar), this vulnerability could allow attackers to perform session hijacking, steal credentials, or conduct further attacks on the network by leveraging the victim's browser session.

For European organizations, the impact of this vulnerability depends on the deployment scale of Intelbras RF 301K devices. If these devices are used in enterprise or critical infrastructure networks, successful exploitation could lead to compromise of administrative sessions, enabling attackers to alter device configurations or pivot into internal networks. This could result in data leakage, unauthorized access, or network disruption. The XSS vulnerability could also be leveraged in targeted phishing campaigns to execute malicious scripts in the context of trusted devices. However, since exploitation requires user interaction and the vulnerability is medium severity, the immediate risk is moderate. Organizations with Intelbras devices in operational technology or sensitive environments should be particularly cautious, as attackers could use this as an initial foothold. The lack of a patch increases the window of exposure. Additionally, the public disclosure of the exploit details raises the risk of opportunistic attacks.

Organizations should implement the following specific mitigations: 1) Restrict access to the Intelbras RF 301K management interface to trusted networks and IP addresses using network segmentation and firewall rules. 2) Employ web application firewalls (WAFs) that can detect and block XSS payloads targeting the device's web interface. 3) Educate users and administrators to avoid clicking on suspicious links or URLs that could trigger the XSS exploit. 4) Monitor device logs and network traffic for unusual activity indicative of exploitation attempts. 5) Regularly review and update device firmware; coordinate with Intelbras for timely patch releases. 6) If possible, disable or limit the 'Add Static IP' functionality or restrict the ability to modify the 'Description' field until a patch is available. 7) Implement multi-factor authentication (MFA) for device access to reduce the impact of session hijacking. 8) Conduct internal penetration testing to verify exposure and effectiveness of mitigations.