The SMS module in Neterbit NW-431F Router firmware 20241014-IR03 and earlier is vulnerable to stored XSS due to improper sanitization of SMS message content. This allows an attacker to send a malicious SMS that, when viewed, executes script code in the victim's browser context. The vulnerability has a CVSS 3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/C:H/I:L/S:U), indicating network attack vector, low attack complexity, no privileges required, user interaction required, high confidentiality impact, and low integrity impact. No patch or official remediation guidance is currently documented, and no known exploits have been reported.

Successful exploitation can lead to execution of arbitrary script code in the context of the victim's browser when viewing an SMS message on the affected router interface. This can compromise confidentiality by exposing sensitive information accessible to the browser and may allow limited integrity impact. The attack does not require privileges but does require the victim to view the malicious SMS message. There are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, users should exercise caution when viewing SMS messages on the affected router. Network administrators should monitor vendor communications for updates regarding patches or mitigations. No official remediation or temporary fix has been documented at this time.