Sign-up

ID

VAR-202509-3258


CVE

CVE-2025-55976


DESCRIPTION

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.

Trust: 1.0

sources: NVD: CVE-2025-55976

AFFECTED PRODUCTS

vendor:intelbrasmodel:iwr 3000nscope:lteversion:1.9.8

Trust: 1.0

sources: NVD: CVE-2025-55976

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-55976
value: HIGH

Trust: 1.0

134c704f-9b21-4f2e-91b3-4a467353bcc0: CVE-2025-55976
baseSeverity: HIGH
baseScore: 8.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.5
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: NVD: CVE-2025-55976

PROBLEMTYPE DATA

problemtype:CWE-319

Trust: 1.0

problemtype:CWE-200

Trust: 1.0

sources: NVD: CVE-2025-55976

EXTERNAL IDS

db:NVDid:CVE-2025-55976

Trust: 1.0

sources: NVD: CVE-2025-55976

REFERENCES

url:https://www.intelbras.com/pt-br/produto/roteador-wireless-n-300mbps-iwr-3000n

Trust: 1.0

url:https://medium.com/@windsormoreira/intelbras-iwr-3000n-unauthenticated-wi-fi-password-disclosure-cve-2025-55976-7cdac7770413

Trust: 1.0

sources: NVD: CVE-2025-55976

SOURCES

db:NVDid:CVE-2025-55976

LAST UPDATE DATE

2025-10-18T23:21:12.587000+00:00


SOURCES UPDATE DATE

db:NVDid:CVE-2025-55976date:2025-10-17T19:09:23.423

SOURCES RELEASE DATE

db:NVDid:CVE-2025-55976date:2025-09-10T18:15:33.960