Skip to main content

CVE-2025-4996: Cross Site Scripting in Intelbras RF 301K

Medium
VulnerabilityCVE-2025-4996cvecve-2025-4996
Published: Tue May 20 2025 (05/20/2025, 19:00:09 UTC)
Source: CVE
Vendor/Project: Intelbras
Product: RF 301K

Description

A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.

AI-Powered Analysis

AILast updated: 07/06/2025, 06:54:58 UTC

Technical Analysis

CVE-2025-4996 is a cross-site scripting (XSS) vulnerability identified in Intelbras RF 301K version 1.1.5. The vulnerability arises from improper sanitization of the 'Description' argument within the 'Add Static IP' component of the device's web interface. An attacker can remotely manipulate this parameter to inject malicious scripts, which are then executed in the context of the victim's browser. This type of vulnerability can be exploited without authentication but requires user interaction (such as an administrator or user accessing a crafted URL or interface). The CVSS 4.0 base score is 4.8, indicating a medium severity level. The vector indicates network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:H indicates high privileges but the vector suggests no privileges needed, possibly a discrepancy), user interaction required (UI:P), and limited impact on confidentiality and integrity. The vulnerability does not affect availability or system control. The vendor was notified early, but no patch links are currently available, and no known exploits are reported in the wild. Given the nature of the device (Intelbras RF 301K is a network device, likely a router or similar), this vulnerability could allow attackers to perform session hijacking, steal credentials, or conduct further attacks on the network by leveraging the victim's browser session.

Potential Impact

For European organizations, the impact of this vulnerability depends on the deployment scale of Intelbras RF 301K devices. If these devices are used in enterprise or critical infrastructure networks, successful exploitation could lead to compromise of administrative sessions, enabling attackers to alter device configurations or pivot into internal networks. This could result in data leakage, unauthorized access, or network disruption. The XSS vulnerability could also be leveraged in targeted phishing campaigns to execute malicious scripts in the context of trusted devices. However, since exploitation requires user interaction and the vulnerability is medium severity, the immediate risk is moderate. Organizations with Intelbras devices in operational technology or sensitive environments should be particularly cautious, as attackers could use this as an initial foothold. The lack of a patch increases the window of exposure. Additionally, the public disclosure of the exploit details raises the risk of opportunistic attacks.

Mitigation Recommendations

Organizations should implement the following specific mitigations: 1) Restrict access to the Intelbras RF 301K management interface to trusted networks and IP addresses using network segmentation and firewall rules. 2) Employ web application firewalls (WAFs) that can detect and block XSS payloads targeting the device's web interface. 3) Educate users and administrators to avoid clicking on suspicious links or URLs that could trigger the XSS exploit. 4) Monitor device logs and network traffic for unusual activity indicative of exploitation attempts. 5) Regularly review and update device firmware; coordinate with Intelbras for timely patch releases. 6) If possible, disable or limit the 'Add Static IP' functionality or restrict the ability to modify the 'Description' field until a patch is available. 7) Implement multi-factor authentication (MFA) for device access to reduce the impact of session hijacking. 8) Conduct internal penetration testing to verify exposure and effectiveness of mitigations.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
VulDB
Date Reserved
2025-05-20T12:53:31.524Z
Cisa Enriched
false
Cvss Version
4.0
State
PUBLISHED

Threat ID: 682cd5f64d7c5ea9f4b364d1

Added to database: 5/20/2025, 7:20:22 PM

Last enriched: 7/6/2025, 6:54:58 AM

Last updated: 8/11/2025, 12:41:25 AM

Views: 20

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats