Neterbit NW-431F Router CVE-2025-67446
Severity (by source): CRITICAL
Primary rating from NVD; the only source for this CVE.
CVSS vector (NVD): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (NVD)
Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value (e.g., setting it to "admin"), an attacker can bypass the authentication schema and gain unauthorized access to admin functionalities.
Analysis (AI)
Authentication bypass in Neterbit NW-431F routers running firmware 20241014-IR03 and earlier allows remote unauthenticated attackers to gain administrative access by simply setting a session cookie value to a predictable string such as 'admin'. The CVSS 9.8 rating reflects trivial network exploitability with full confidentiality, integrity, and availability impact, and a public proof-of-concept exists in the referenced GitHub repository, though the issue is not currently listed in CISA KEV.
Technical Context (AI)
The vulnerability resides in the web-based management interface of the Neterbit NW-431F SOHO router. Rather than issuing cryptographically random session tokens after a successful login, the device accepts a static, guessable cookie value as proof of authenticated state. This is a textbook Improper Authentication weakness (conceptually CWE-287/CWE-798/CWE-602, though no CWE was assigned in the source data) where authentication enforcement is delegated to a client-controlled value with insufficient entropy. The supplied CPE string is a placeholder ('cpe:2.3:a:n/a:n/a:*'), so authoritative CPE-based product matching is not yet available in NVD tooling.
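To make the weakness concrete, the following added example (not the router's firmware or any code from the referenced repository) places the client-trusted cookie check the advisory describes beside a hardened session handler: tokens are drawn from the OS CSPRNG only after a credential check, looked up server-side, bounded by a TTL, and compared in constant time. The credential store, salt, password and TTL are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

SESSION_TTL = 900  # seconds an issued token stays valid (constructed value)

# Constructed credential store. A single shared salt keeps the example short;
# real deployments use a per-user random salt and a slower KDF.
_SALT = b"constructed-example-salt"
_CREDENTIALS = {"admin": hashlib.pbkdf2_hmac("sha256", b"correct horse", _SALT, 100_000)}


def weak_is_admin(cookie_value: str) -> bool:
    """The pattern the advisory describes: a fixed, guessable value proves login."""
    return cookie_value == "admin"


def check_credentials(username: str, password: str) -> bool:
    stored = _CREDENTIALS.get(username)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return stored is not None and hmac.compare_digest(stored, candidate)


class SessionStore:
    """Hardened form: random tokens, issued only after login, validated server-side."""

    def __init__(self) -> None:
        self._sessions: dict[str, tuple[str, float]] = {}  # token -> (user, expiry)

    def login(self, username: str, password: str, now: Optional[float] = None) -> Optional[str]:
        if not check_credentials(username, password):
            return None
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        start = now if now is not None else time.time()
        self._sessions[token] = (username, start + SESSION_TTL)
        return token

    def user_for(self, cookie_value: str, now: Optional[float] = None) -> Optional[str]:
        """Return the user bound to a presented cookie, or None if it is unknown,
        malformed or expired; comparison is constant-time per stored token."""
        if not cookie_value.isascii():
            return None
        now = now if now is not None else time.time()
        for token, (user, expiry) in list(self._sessions.items()):
            if hmac.compare_digest(token, cookie_value):
                if now > expiry:
                    del self._sessions[token]  # expired: discard rather than honour
                    return None
                return user
        return None
```

A presented value such as "admin" is rejected by `SessionStore.user_for` because it was never issued, which is exactly the server-side check the affected firmware lacks.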
Remediation (AI)
No vendor-released patch identified at time of analysis; the Neterbit site (https://neterbit.com/) should be monitored for a firmware update superseding 20241014-IR03. Until a fixed firmware is published, restrict access to the router's HTTP/HTTPS administration interface to trusted LAN segments only by disabling any remote/WAN management option in the device settings, and place the admin interface behind a VLAN or management network unreachable from guest/IoT networks; the trade-off is loss of remote administration convenience. Additionally, block inbound TCP to the router's admin port from the WAN at any upstream firewall, and where feasible replace affected devices with supported alternatives given the trivial exploitability. Technical details and a proof-of-concept are referenced at https://github.com/fun-beep/CVEs/tree/main/CVE-2025-67446.