Cross-Site Scripting Vulnerability in Intelbras RX1500 and RX3000 Products
CVE-2025-26065

7.3HIGH

Key Information:

Vendor: Intelbras
Status: RX1500 and RX3000
Vendor: CVE Published:; 4 August 2025

What is CVE-2025-26065?

A cross-site scripting (XSS) vulnerability has been identified in Intelbras RX1500 version 2.2.9 and RX3000 version 1.0.11. This vulnerability allows attackers to inject malicious payloads into the name of a visiting Wi-Fi network, potentially enabling them to execute arbitrary web scripts or HTML in the context of a user’s browser. Attackers can exploit this flaw to deliver harmful scripts to unsuspecting users, compromising the security and privacy of their interactions. Users of the affected products should apply available patches and implement security measures to mitigate the risk.

References

https://manuais.intelbras.com.br/manual-linha-rx/ChangeLo...

https://seclists.org/fulldisclosure/2025/Jul/26

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 4, 2025
Vulnerability Reserved
Feb 7, 2025

JSON