CVE-2025-55976
published 2025-09-10CVE-2025-55976: Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly…
PriorityP353high8.4CVSS 3.1
AVLACLPRNUINSUCHIHAH
EPSS
2.96%
85.5th percentile
Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| intelbras | iwr_3000n_firmware | <= 1.9.8 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET WEB_SPECIFIC_APPS Intelbras Wireless Network Credentials Information Leak (CVE-2025-55976)
suricata·2025-09-15·CVSS 8.4
CVE-2025-55976 [HIGH] ET WEB_SPECIFIC_APPS Intelbras Wireless Network Credentials Information Leak (CVE-2025-55976)
ET WEB_SPECIFIC_APPS Intelbras Wireless Network Credentials Information Leak (CVE-2025-55976)
Rule: alert http any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Intelbras Wireless Network Credentials Information Leak (CVE-2025-55976)"; flow:established,to_server; http.method; content:"GET"; http.uri; bsize:22; content:"/v1/interface/wireless"; fast_pattern; reference:url,medium.com/@windsormoreira/intelbras-iwr-3000n-unauthenticated-wi-fi-password-disclosure-cve-2025-55976-7cdac7770413; reference:cve,2025-55976; classtype:web-application-attack; sid:2064695; rev:1; metadata:affected_product Intelbras, attack_target Networking_Equipment, tls_state plaintext, created_at 2025_09_15, cve CVE_2025_55976, deployment Perimeter, deployment Internal, performance_impact Low, confidence High, sign
No public exploits indexed.
No writeups or analysis indexed.
2025-09-10
Published