Neterbit NW-431F CVE-2025-69755
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Lifecycle Timeline
1DescriptionCVE.org
An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface
AnalysisAI
Remote code execution and information disclosure in Neterbit NW-431F routers (firmware vNW-431F-20241014-IR03) allow unauthenticated network attackers to compromise the device by sending a crafted command to the at_command.asp interface. The CVSS 8.2 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial remote exploitation against the router's web management interface, and no public exploit identified at time of analysis, though a researcher repository on GitHub may contain proof-of-concept material.
Technical ContextAI
The Neterbit NW-431F is a consumer/SMB router that exposes a web administration interface containing an at_command.asp endpoint, typically used to issue AT modem-style commands to the underlying cellular or DSL chipset. Because the endpoint passes attacker-controlled input into a command interpreter on the router's embedded Linux firmware, this represents a classic OS command injection pattern (CWE-78 class, though CWE is not formally assigned in this advisory). The at_command interface on embedded routers is a recurring weak spot because vendors often forward parameters directly to a shell or modem control channel without sanitization, and the affected firmware build vNW-431F-20241014-IR03 is the only version explicitly referenced.
RemediationAI
No vendor-released patch identified at time of analysis; the Neterbit reference (https://neterbit.com/) points only to the vendor homepage rather than a fixed firmware build, and no vendor advisory URL is provided. Until Neterbit publishes a corrected firmware image superseding vNW-431F-20241014-IR03, operators should block all WAN-side access to the router's web management interface at the perimeter, restrict LAN-side access to the admin UI to a dedicated management VLAN or specific admin workstations, and specifically deny HTTP/HTTPS requests to the /at_command.asp path via any upstream filtering device or reverse proxy; the trade-off is loss of remote administration. Monitor the researcher repository at https://github.com/fun-beep/CVEs/tree/main/CVE-2025-69755 for technical detail and contact Neterbit support directly to request a patched firmware build, and consider replacing the device if no fix is forthcoming.
Same weakness CWE-78 – OS Command Injection
View allShare
External POC / Exploit Code
Leaving vuln.today