CVE-2025-67447

CRITICAL

Neterbit NW-431F Router 20241014-IR03 and before - OS Command Injection via Ping IP Address Field

Title source: llm

Description

The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands, which will be executed with the privileges of the web server.

References (2)

Core 2

Core References

https://neterbit.com/

https://github.com/fun-beep/CVEs/tree/main/CVE-2025-67447

View Writeup ZIP pw:eip

Scores

CVSS v3 9.8

EPSS 0.0103

EPSS Percentile 59.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

Details

CWE

CWE-78

Status published

Published Jun 04, 2026

Tracked Since Jun 04, 2026