CVEs: Multiple Vulnerabilities Found in Intelbras Router Web Interfaces

By: Gabriel Lima

As part of research conducted by Tempest’s Technical Consulting team, multiple vulnerabilities were identified and reported affecting the web management interfaces of at least two router devices manufactured by Intelbras. These vulnerabilities were registered by MITRE under the following identifiers:

• CVE-2025-26062
• CVE-2025-26063
• CVE-2025-26064
• CVE-2025-26065

All four vulnerabilities involve access control issues and JavaScript command injection.

The vulnerability described in CVE-2025-26062 allows unauthenticated access to router log information, downloading of device configurations, and access to various router functionalities — provided that an administrator is simultaneously logged in to the web interface.

The vulnerabilities detailed in CVE-2025-26063, CVE-2025-26064, and CVE-2025-26065 allow unauthenticated JavaScript injection, which could potentially enable session token theft through the Site Survey functionality. Furthermore, from an authenticated context, JavaScript injection could also be achieved through manipulation of connected client names and guest network names, enabling persistence mechanisms on the device.

All vulnerabilities discussed in this publication were responsibly reported to Intelbras, which has since mitigated the identified issues affecting the RX1500 and RX3000 routers. For the RX1500 model specifically, a beta firmware version 2.2.12 was released for validation of the applied fixes.

Further details on firmware updates and version changes can be found at:

• RX1500 Changelog
• RX3000 Changelog

Technical details about the identified vulnerabilities are available at:

https://seclists.org/fulldisclosure/2025/Jul/14

References
[1] https://manuais.intelbras.com.br/manual-linha-rx/ChangeLogRX1500.html
[2] https://manuais.intelbras.com.br/manual-linha-rx/ChangeLogRX3000.html