Details of VAR-202509-3258

ID

VAR-202509-3258

CVE

CVE-2025-55976

TITLE

Intelbras of IWR 3000N Information disclosure vulnerability in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2025-016645

DESCRIPTION

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint. Intelbras of IWR 3000N The firmware contains vulnerabilities that may allow information to be leaked and important information to be transmitted in plain text.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.62

sources: NVD: CVE-2025-55976 // JVNDB: JVNDB-2025-016645

AFFECTED PRODUCTS

vendor:	intelbras	model:	iwr 3000n	scope:	lte	version:	1.9.8	Trust: 1.0
vendor:	intelbras	model:	iwr 3000n	scope:	eq	version:	-	Trust: 0.8
vendor:	intelbras	model:	iwr 3000n	scope:	-	version:	-	Trust: 0.8
vendor:	intelbras	model:	iwr 3000n	scope:	lte	version:	iwr 3000n firmware 1.9.8 and earlier	Trust: 0.8

sources: JVNDB: JVNDB-2025-016645 // NVD: CVE-2025-55976

CVSS

SEVERITY

CVSSV2

CVSSV3

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-55976
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2025-016645
value:	HIGH
Trust: 0.8

134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2025-55976
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
OTHER:	JVNDB-2025-016645
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2025-016645 // NVD: CVE-2025-55976

PROBLEMTYPE DATA

problemtype:	CWE-319	Trust: 1.0
problemtype:	CWE-200	Trust: 1.0
problemtype:	information leak (CWE-200) [ others ]	Trust: 0.8
problemtype:	Sending important information in clear text (CWE-319) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2025-016645 // NVD: CVE-2025-55976

EXTERNAL IDS

db:	NVD	id:	CVE-2025-55976	Trust: 2.6
db:	JVNDB	id:	JVNDB-2025-016645	Trust: 0.8

sources: JVNDB: JVNDB-2025-016645 // NVD: CVE-2025-55976

REFERENCES

url:	https://medium.com/@windsormoreira/intelbras-iwr-3000n-unauthenticated-wi-fi-password-disclosure-cve-2025-55976-7cdac7770413	Trust: 1.8
url:	https://www.intelbras.com/pt-br/produto/roteador-wireless-n-300mbps-iwr-3000n	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2025-55976	Trust: 0.8

sources: JVNDB: JVNDB-2025-016645 // NVD: CVE-2025-55976

SOURCES

db:	JVNDB	id:	JVNDB-2025-016645
db:	NVD	id:	CVE-2025-55976

LAST UPDATE DATE

2025-11-22T23:25:23.581000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2025-016645	date:	2025-10-21T05:21:00
db:	NVD	id:	CVE-2025-55976	date:	2025-10-17T19:09:23.423

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2025-016645	date:	2025-10-21T00:00:00
db:	NVD	id:	CVE-2025-55976	date:	2025-09-10T18:15:33.960