CVE-2025-63422 is a security vulnerability identified in the web management interface of the Each Italy Wireless Mini Router WIRELESS-N 300M v28K.MiniRouter.20190211. The core issue is an incorrect access control mechanism that allows attackers to arbitrarily change the administrator username and password by sending a crafted GET request. This means that an attacker can bypass authentication controls and directly manipulate critical router credentials remotely if they can reach the management interface. The vulnerability arises from insufficient validation of incoming HTTP requests, permitting unauthorized command execution. Since the router’s administrative interface controls network configurations and security settings, unauthorized access can lead to full device compromise, enabling attackers to intercept, redirect, or disrupt network traffic. No CVSS score has been assigned yet, and no patches or known exploits are currently documented. The vulnerability does not require user interaction or prior authentication, making it highly exploitable in exposed environments. The lack of version specificity suggests the issue may affect all firmware versions of this router model. This vulnerability is particularly concerning for organizations relying on these routers for network connectivity, as it undermines the foundational security of their network perimeter.

For European organizations, this vulnerability poses a significant risk to network security and data confidentiality. Compromise of the router’s administrative credentials can lead to unauthorized network access, interception of sensitive communications, and potential lateral movement within corporate networks. Critical sectors such as finance, healthcare, and government agencies using these routers could face operational disruptions or data breaches. The ability to change admin credentials without authentication means attackers can persistently control the device, potentially deploying further malware or using the router as a foothold for broader attacks. Given the router’s role in small office or home office environments, the vulnerability could also impact remote workers, increasing the attack surface. The absence of known exploits currently provides a window for proactive mitigation, but the ease of exploitation and potential impact make this a high-risk issue for European entities using this hardware.

1. Immediately restrict access to the router’s web management interface by limiting it to trusted internal networks or specific IP addresses using firewall rules. 2. Disable remote management features if not strictly necessary to reduce exposure. 3. Monitor network traffic for unusual or suspicious GET requests targeting the router’s management interface. 4. Contact the vendor for firmware updates or patches addressing this vulnerability and apply them promptly once available. 5. Replace affected routers with models from vendors with stronger security track records if patches are delayed or unavailable. 6. Implement network segmentation to isolate vulnerable devices from critical infrastructure. 7. Educate IT staff and users about the risks of default or weak router credentials and enforce strong password policies. 8. Regularly audit router configurations and logs to detect unauthorized changes. These steps go beyond generic advice by focusing on access control hardening, proactive monitoring, and vendor engagement specific to this vulnerability.