CVE-2025-67447NVD

Vulnerability Summary

The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands, which will be executed with the privileges of the web server.

Severity Level

CRITICAL(9.8)

Published Date

Jun 4, 2026

Last Modified

Jun 4, 2026

Exploitation Status

UNKNOWN

Root Weakness (CWE)

CWE-78: OS Command Injection ↗

The software constructs all or part of an OS command using externally-influenced input, but does not properly neutralize special elements.

CVSS v3.1 Base Metrics

Attack VectorNetwork

Attack ComplexityLow

Privileges RequiredNone

User InteractionNone

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

External References

https://github.com/fun-beep/CVEs/tree/main/CVE-2025-67447
https://neterbit.com/
https://github.com/fun-beep/CVEs/tree/main/CVE-2025-67447