CVE-2025-26062

CRITICAL

Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 - Unauthenticated Sensitive Information Exposure via Settings File Access

Title source: llm

Description

An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings.

References (5)

Core 5

Core References

Release Notes

https://manuais.intelbras.com.br/manual-linha-rx/ChangeLogRX1500.html

Release Notes

https://manuais.intelbras.com.br/manual-linha-rx/ChangeLogRX3000.html

Exploit, Mailing List, Third Party Advisory

https://seclists.org/fulldisclosure/2025/Jul/14

Mailing List

http://seclists.org/fulldisclosure/2025/Jul/14

Mailing List

http://seclists.org/fulldisclosure/2025/Jul/26

Scores

CVSS v3 9.8

EPSS 0.0098

EPSS Percentile 57.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-284

Status published

Products (2)

intelbras/rx_1500_firmware 2.2.9

intelbras/rx_3000_firmware 1.0.11

Published Jul 31, 2025

Tracked Since Feb 18, 2026