CVE-2025-67446
CRITICALDescription
Improper Authentication (Authentication Bypass) exists in Neterbit NW-431F Router 20241014-IR03 and before. The router uses a weak/predictable cookie value for authentication. By modifying the cookie value (e.g., setting it to "admin"), an attacker can bypass the authentication schema and gain unauthorized access to admin functionalities.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
References
Frequently Asked Questions
What is CVE-2025-67446? +
How severe is CVE-2025-67446? +
How do I check if I'm vulnerable to CVE-2025-67446? +
Related Vulnerabilities
A malicious actor can fix the session of a PAM user by tricking the user to click on a specially …
QuickCMS allows a user's session identifier to be set before authentication. The value of this session ID stays the same …
KTM System e-BOK allows the session identifier to be set by the client prior to authentication. If a cookie with …
An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of …
Session fixation vulnerability in Wikimedia Foundation OAuth. This vulnerability is associated with program files src/Backend/MWOAuthServer.Php. This issue affects OAuth: from …
When configured using SAML, a session fixation vulnerability in the GlobalProtect™ login enables an attacker to impersonate a legitimate authorized …