CVE-2025-26065 in RX 1500
Summary
by MITRE • 08/04/2025
A cross-site scripting (XSS) vulnerability in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name of a visiting Wi-Fi network.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 08/05/2025
This cross-site scripting vulnerability exists within Intelbras RX1500 version 2.2.9 and RX3000 version 1.0.11 wireless access point firmware implementations. The flaw resides in the insufficient input validation and output encoding mechanisms that fail to properly sanitize user-supplied data when processing the name of visiting Wi-Fi networks. Attackers can exploit this weakness by crafting malicious payloads and injecting them into the network name field during the wireless network discovery process, which then gets reflected back to other users browsing the device management interface. The vulnerability stems from a classic improper input validation issue that aligns with CWE-79, which specifically addresses cross-site scripting vulnerabilities due to inadequate sanitization of user-controllable data. This weakness allows threat actors to execute arbitrary JavaScript code within the context of other users' browsers, potentially leading to session hijacking, credential theft, or unauthorized administrative actions on the affected wireless access points.
The operational impact of this vulnerability extends beyond simple script execution as it provides attackers with a foothold for more sophisticated attacks within the network infrastructure. When users interact with the management interface of the affected devices, the malicious scripts embedded in the network name field execute automatically in their browsers, creating a persistent threat vector that can be leveraged for various malicious activities. The attack requires minimal privileges as users only need to browse to the affected management interface and encounter a maliciously crafted network name during the scanning process. This makes the vulnerability particularly dangerous in environments where multiple users access the device management interface, as the payload could affect any individual who views the compromised network listing. The vulnerability also aligns with ATT&CK technique T1566.001 which describes social engineering attacks through spearphishing with a link, where the malicious network name serves as the delivery mechanism for the XSS payload.
Mitigation strategies should focus on implementing robust input validation and output encoding mechanisms within the affected firmware implementations. Network administrators should immediately update to the latest firmware versions provided by Intelbras that contain patches for this vulnerability, as the vendor has likely released security updates addressing the root cause. Additionally, implementing web application firewalls and content security policies can provide defense-in-depth measures to prevent exploitation of this vulnerability even if users encounter malicious network names. The security community should also consider implementing network segmentation and access controls to limit exposure of the affected devices to untrusted users. Regular security assessments and penetration testing of wireless infrastructure components are essential to identify similar vulnerabilities in network equipment, particularly in legacy systems that may not receive regular security updates. Organizations should also establish monitoring procedures to detect unusual network name registrations that might indicate malicious activity, and maintain comprehensive incident response plans that account for potential exploitation of such vulnerabilities in critical network infrastructure components.