CVE-2025-4996: Cross Site Scripting in Intelbras RF 301K
A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.
AI Analysis
Technical Summary
CVE-2025-4996 is a cross-site scripting (XSS) vulnerability identified in Intelbras RF 301K version 1.1.5. The vulnerability arises from improper sanitization of the 'Description' argument within the 'Add Static IP' component of the device's web interface. An attacker can remotely manipulate this parameter to inject malicious scripts, which are then executed in the context of the victim's browser. This type of vulnerability can be exploited without authentication but requires user interaction (such as an administrator or user accessing a crafted URL or interface). The CVSS 4.0 base score is 4.8, indicating a medium severity level. The vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:H indicates high privileges but the vector suggests no privileges needed, possibly a discrepancy), user interaction required (UI:P), and limited impact on confidentiality and integrity. The vulnerability does not affect availability or system control. The vendor was notified early, but no patch links are currently available, and no known exploits are reported in the wild. Given the nature of the device (Intelbras RF 301K is a network device, likely a router or similar), this vulnerability could allow attackers to perform session hijacking, steal credentials, or conduct further attacks on the network by leveraging the victim's browser session.
Potential Impact
For European organizations, the impact of this vulnerability depends on the deployment scale of Intelbras RF 301K devices. If these devices are used in enterprise or critical infrastructure networks, successful exploitation could lead to compromise of administrative sessions, enabling attackers to alter device configurations or pivot into internal networks. This could result in data leakage, unauthorized access, or network disruption. The XSS vulnerability could also be leveraged in targeted phishing campaigns to execute malicious scripts in the context of trusted devices. However, since exploitation requires user interaction and the vulnerability is medium severity, the immediate risk is moderate. Organizations with Intelbras devices in operational technology or sensitive environments should be particularly cautious, as attackers could use this as an initial foothold. The lack of a patch increases the window of exposure. Additionally, the public disclosure of the exploit details raises the risk of opportunistic attacks.
Mitigation Recommendations
Organizations should implement the following specific mitigations: 1) Restrict access to the Intelbras RF 301K management interface to trusted networks and IP addresses using network segmentation and firewall rules. 2) Employ web application firewalls (WAFs) that can detect and block XSS payloads targeting the device's web interface. 3) Educate users and administrators to avoid clicking on suspicious links or URLs that could trigger the XSS exploit. 4) Monitor device logs and network traffic for unusual activity indicative of exploitation attempts. 5) Regularly review and update device firmware; coordinate with Intelbras for timely patch releases. 6) If possible, disable or limit the 'Add Static IP' functionality or restrict the ability to modify the 'Description' field until a patch is available. 7) Implement multi-factor authentication (MFA) for device access to reduce the impact of session hijacking. 8) Conduct internal penetration testing to verify exposure and effectiveness of mitigations.
Affected Countries
Portugal, Spain, Italy, Germany, France, Poland, Netherlands, Belgium, United Kingdom
CVE-2025-4996: Cross Site Scripting in Intelbras RF 301K
Description
A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.
AI-Powered Analysis
Technical Analysis
CVE-2025-4996 is a cross-site scripting (XSS) vulnerability identified in Intelbras RF 301K version 1.1.5. The vulnerability arises from improper sanitization of the 'Description' argument within the 'Add Static IP' component of the device's web interface. An attacker can remotely manipulate this parameter to inject malicious scripts, which are then executed in the context of the victim's browser. This type of vulnerability can be exploited without authentication but requires user interaction (such as an administrator or user accessing a crafted URL or interface). The CVSS 4.0 base score is 4.8, indicating a medium severity level. The vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:H indicates high privileges but the vector suggests no privileges needed, possibly a discrepancy), user interaction required (UI:P), and limited impact on confidentiality and integrity. The vulnerability does not affect availability or system control. The vendor was notified early, but no patch links are currently available, and no known exploits are reported in the wild. Given the nature of the device (Intelbras RF 301K is a network device, likely a router or similar), this vulnerability could allow attackers to perform session hijacking, steal credentials, or conduct further attacks on the network by leveraging the victim's browser session.
Potential Impact
For European organizations, the impact of this vulnerability depends on the deployment scale of Intelbras RF 301K devices. If these devices are used in enterprise or critical infrastructure networks, successful exploitation could lead to compromise of administrative sessions, enabling attackers to alter device configurations or pivot into internal networks. This could result in data leakage, unauthorized access, or network disruption. The XSS vulnerability could also be leveraged in targeted phishing campaigns to execute malicious scripts in the context of trusted devices. However, since exploitation requires user interaction and the vulnerability is medium severity, the immediate risk is moderate. Organizations with Intelbras devices in operational technology or sensitive environments should be particularly cautious, as attackers could use this as an initial foothold. The lack of a patch increases the window of exposure. Additionally, the public disclosure of the exploit details raises the risk of opportunistic attacks.
Mitigation Recommendations
Organizations should implement the following specific mitigations: 1) Restrict access to the Intelbras RF 301K management interface to trusted networks and IP addresses using network segmentation and firewall rules. 2) Employ web application firewalls (WAFs) that can detect and block XSS payloads targeting the device's web interface. 3) Educate users and administrators to avoid clicking on suspicious links or URLs that could trigger the XSS exploit. 4) Monitor device logs and network traffic for unusual activity indicative of exploitation attempts. 5) Regularly review and update device firmware; coordinate with Intelbras for timely patch releases. 6) If possible, disable or limit the 'Add Static IP' functionality or restrict the ability to modify the 'Description' field until a patch is available. 7) Implement multi-factor authentication (MFA) for device access to reduce the impact of session hijacking. 8) Conduct internal penetration testing to verify exposure and effectiveness of mitigations.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- VulDB
- Date Reserved
- 2025-05-20T12:53:31.524Z
- Cisa Enriched
- false
- Cvss Version
- 4.0
- State
- PUBLISHED
Threat ID: 682cd5f64d7c5ea9f4b364d1
Added to database: 5/20/2025, 7:20:22 PM
Last enriched: 7/6/2025, 6:54:58 AM
Last updated: 8/11/2025, 12:41:25 AM
Views: 20
Related Threats
CVE-2025-3495: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Delta Electronics COMMGR
CriticalCVE-2025-53948: CWE-415 Double Free in Santesoft Sante PACS Server
HighCVE-2025-52584: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-46269: CWE-122 Heap-based Buffer Overflow in Ashlar-Vellum Cobalt
HighCVE-2025-54862: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Santesoft Sante PACS Server
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.