CVE-2025-55976
Published: 10 September 2025
Summary
CVE-2025-55976 is a high-severity Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability in Intelbras IWR 3000N firmware. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unsecured Credentials (T1552). The vulnerability ranks at the 27.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog. A public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and AC-3 (Access Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
Access Enforcement requires systems to enforce approved authorizations for accessing sensitive resources like the /api/wireless endpoint, preventing unauthenticated local network users from obtaining the plaintext Wi-Fi password.
Information Output Filtering controls and sanitizes information prior to output from the API endpoint, preventing exposure of sensitive Wi-Fi passwords in responses to unauthorized queries.
Permitted Actions Without Identification or Authentication explicitly prohibits technical access to sensitive endpoints like /api/wireless without authentication, directly addressing the unauthenticated disclosure.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability directly exposes Wi-Fi credentials in plaintext via an unauthenticated local API endpoint (CWE-200/319), enabling access to unsecured credentials without authentication.
NVD Description
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.
Deeper analysis
CVE-2025-55976 affects the Intelbras IWR 3000N wireless router running firmware version 1.9.8. The vulnerability involves the exposure of the Wi-Fi network password in plaintext through the unauthenticated /api/wireless API endpoint. This issue, associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) and CWE-319 (Cleartext Transmission of Sensitive Information), carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-09-10.
Any unauthenticated attacker with access to the local network can exploit this vulnerability by directly querying the /api/wireless endpoint, obtaining the Wi-Fi password without requiring privileges, user interaction, or additional conditions. Successful exploitation enables full disclosure of the Wi-Fi credential, potentially granting the attacker persistent network access, lateral movement, or the ability to decrypt traffic and perform man-in-the-middle attacks.
References include a Medium article by Windsor Moreira detailing the unauthenticated Wi-Fi password disclosure (https://medium.com/@windsormoreira/intelbras-iwr-3000n-unauthenticated-wi-fi-password-disclosure-cve-2025-55976-7cdac7770413) and the manufacturer's product page for the IWR 3000N (https://www.intelbras.com/pt-br/produto/roteador-wireless-n-300mbps-iwr-3000n). No specific patches or mitigations are detailed in the provided information.
Details
- CWE(s)