CVE-2025-67446
9.8 CRITICALImproper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before
Published: 2026-06-04 · Last updated: 2026-06-04
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-384
Description
Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value (e.g., setting it to "admin"), an attacker can bypass the authentication schema and gain unauthorized access to admin functionalities.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2009-10007 — Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks (9.1 CRITICAL)
- CVE-2026-41839 — A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalati... (4.2 MEDIUM)
- CVE-2026-11335 — A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500e... (6.3 MEDIUM)
- CVE-2026-33384 — QuickCMS allows a user's session identifier to be set before authentication
- CVE-2026-48545 — Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixati... (6.8 MEDIUM)