CVE-2025-67448 in NW-431F
Summary
by MITRE • 06/04/2026
The SMS module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to stored XSS. The application does not properly sanitize user input in SMS messages before storing and displaying them. An attacker can send an SMS containing a malicious XSS payload, which will be executed in the context of the victim's browser when the message is viewed.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 06/04/2026
The vulnerability identified in the Neterbit NW-431F Router SMS module represents a critical stored cross-site scripting flaw that undermines the security of the device's communication interface. This vulnerability affects firmware versions up to and including 20241014-IR03, where the application fails to implement proper input sanitization mechanisms for SMS message content. The flaw exists within the router's web-based management interface that processes and displays SMS messages received by the device, creating a persistent security risk that can be exploited by remote attackers without requiring authentication or physical access to the device.
The technical implementation of this vulnerability stems from inadequate data validation and sanitization practices within the router's SMS handling subsystem. When users send SMS messages to the router, the system stores these messages in its internal database without properly escaping or filtering potentially malicious content. The stored messages are subsequently retrieved and displayed within the web interface without appropriate output encoding, allowing attacker-controlled script code to execute in the context of authenticated users' browsers. This represents a classic stored XSS vulnerability pattern where the malicious payload is persisted on the server and executed during normal user interaction with the affected interface. The vulnerability aligns with CWE-79 Cross-site Scripting and falls under the ATT&CK technique T1566.001 Initial Access: Spearphishing Attachment, as attackers can exploit this flaw through malicious SMS content to gain access to the router's administrative interface.
The operational impact of this vulnerability extends beyond simple browser-based exploitation, as it provides attackers with potential access to sensitive router configuration data and administrative controls. An attacker who successfully injects malicious code through an SMS message can execute arbitrary JavaScript in the context of the victim's browser session, potentially leading to session hijacking, data exfiltration, or further exploitation of the router's network services. The vulnerability is particularly concerning because it can be exploited through legitimate SMS communication channels, making it difficult for network administrators to detect or prevent such attacks. The stored nature of the vulnerability means that the malicious payload remains active even after the initial injection, continuously affecting any user who views the affected SMS messages within the router's web interface.
Mitigation strategies for this vulnerability should focus on implementing proper input validation and output encoding mechanisms within the router's SMS handling subsystem. Network administrators should immediately update to the latest firmware version that addresses this vulnerability, as provided by Neterbit. The router's web interface should implement comprehensive HTML entity encoding for all user-supplied content before display, and input validation should be enforced at multiple levels including protocol-level sanitization and application-level filtering. Additionally, administrators should consider implementing network segmentation and access control measures to limit exposure of the router's web interface, while monitoring for suspicious SMS traffic patterns that may indicate exploitation attempts. The vulnerability also highlights the importance of secure coding practices in embedded systems and emphasizes the need for comprehensive security testing of all user-facing interfaces in network infrastructure devices.