Cyber Posture

CVE-2025-26062

CriticalPublic PoC

Published: 31 July 2025

Published
31 July 2025
Modified
03 November 2025
KEV Added
Patch
CVSS Score 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0068 71.6th percentile
Risk Priority 20 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-26062 is a critical-severity Improper Access Control (CWE-284) vulnerability in Intelbras Rx 1500 Firmware. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 28.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-8 (Identification and Authentication (Non-organizational Users)).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

AC-3 Access Enforcement good match
prevent

Enforces approved authorizations for access to system resources like the router's settings file, directly preventing unauthenticated access.

IA-8 Identification and Authentication (Non-organizational Users) good match
prevent

Requires unique identification and authentication for non-organizational users, blocking unauthenticated network attackers from accessing sensitive router configurations.

SI-2 Flaw Remediation good match
prevent

Provides a risk-based process to identify, prioritize, and remediate flaws like this access control vulnerability through timely firmware updates.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Direct unauthenticated access to router config/settings file on public-facing network device matches exploitation of public-facing apps for data access.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An access control issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to access the router's settings file and obtain potentially sensitive information from the current settings.

Deeper analysisAI

CVE-2025-26062 is an access control vulnerability (CWE-284) in Intelbras RX1500 version 2.2.9 and RX3000 version 1.0.11 routers. The issue enables unauthenticated attackers to access the router's settings file and extract potentially sensitive information from the current configuration. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), reflecting critical severity due to high impacts on confidentiality, integrity, and availability.

Unauthenticated attackers with network access to an affected router can exploit this vulnerability without privileges, low attack complexity, or user interaction. Exploitation allows retrieval of sensitive data from the settings file, such as configuration details that could aid further attacks.

Intelbras provides changelogs for the RX1500 and RX3000 at their manual sites, which detail relevant firmware updates. Additional technical details appear in Full Disclosure mailing list postings from July 2025.

Details

CWE(s)
CWE-284

Affected Products

intelbras
rx 1500 firmware
2.2.9
intelbras
rx 3000 firmware
1.0.11

CVEs Like This One

CVE-2025-26063Same product: Intelbras Rx 1500
CVE-2025-66956Shared CWE-284
CVE-2026-30707Shared CWE-284
CVE-2025-23243Shared CWE-284
CVE-2026-40595Shared CWE-284
CVE-2025-66509Shared CWE-284
CVE-2025-27649Shared CWE-284
CVE-2025-50900Shared CWE-284
CVE-2025-50105Shared CWE-284
CVE-2025-29515Shared CWE-284

References