CVE-2025-55976

HIGH EPSS 85.5%

Published Sep 10, 20259mo ago · Modified Jun 17, 20261w ago

8.4 CVSS 3.1

High

Published Sep 10, 2025 9mo ago

Last Modified Jun 17, 2026 1w ago

Description

Intelbras IWR 3000N 1.9.8 exposes the Wi-Fi password in plaintext via the /api/wireless endpoint. Any unauthenticated user on the local network can directly obtain the Wi-Fi network password by querying this endpoint.

CVSS Details

Base Score

8.4

Exploitability

2.5

Impact

5.9

Vector string

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector Local

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Unchanged

Confidentiality High

Integrity High

Availability High

Threat Intelligence

EPSS Exploit Probability

85.5% percentile

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 2

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor Information Exposure

CWE-319

Affected Products 2

Vendor	Product	Version	Range
intelbras	iwr_3000n_firmware	*	≤1.9.8
intelbras	iwr_3000n	*	any

References 2

medium.com https://medium.com/@windsormoreira/intelbras-iwr-3000n-unauthenticated-wi-fi-password-disclosure-cve-2025-55976-7cdac7770413

ExploitThird Party Advisory
intelbras.com https://www.intelbras.com/pt-br/produto/roteador-wireless-n-300mbps-iwr-3000n

Broken Link

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.