CVE-2025-26063
Published: 31 July 2025
Summary
CVE-2025-26063 is a critical-severity Command Injection (CWE-77) vulnerability in Intelbras Rx 1500 Firmware. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 12.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-26063 is a command injection vulnerability (CWE-77) affecting Intelbras RX1500 version 2.2.9 and RX3000 version 1.0.11. It permits unauthenticated remote attackers to execute arbitrary code by supplying a crafted payload in the ESSID name field when creating a wireless network. The flaw carries a CVSS 3.1 score of 9.8, reflecting network attack vector, low complexity, and no requirements for authentication or user interaction.
An attacker with network reachability to an unpatched device can leverage the injection to run commands with the privileges of the affected process, resulting in complete compromise of confidentiality, integrity, and availability on the router.
Public disclosures on seclists.org reference Intelbras changelogs for the RX1500 and RX3000 lines that address firmware updates, while the EPSS score has remained flat at 0.0342 since publication with no material rise indicating emerging exploitation activity.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-23312
Vulnerability details
An issue in Intelbras RX1500 v2.2.9 and RX3000 v1.0.11 allows unauthenticated attackers to execute arbitrary code via injecting a crafted payload into the ESSID name when creating a network.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Direct unauthenticated command injection RCE on public-facing router firmware enables T1190 (Exploit Public-Facing Application) for initial access and T1059.004 (Unix Shell) for arbitrary command execution.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly prevents command injection vulnerabilities like CVE-2025-26063 by requiring validation and sanitization of untrusted inputs such as crafted ESSID names.
Mandates timely flaw remediation through firmware updates, as Intelbras provided for RX1500 and RX3000 to fix this specific command injection issue.
Prohibits unauthenticated actions such as network creation with ESSID payloads, directly blocking remote attackers from exploiting the vulnerability without identification or authentication.