Description
An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface
Published: 2026-06-04
Score: 8.2 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An attacker can send a specially crafted command to the at_command.asp interface on the Neterbit NW-431F Router, allowing them to retrieve sensitive information and run arbitrary code on the device. The vulnerability stems from insufficient input validation on the at_command.asp endpoint, creating a remote code execution condition. This flaw can compromise confidentiality, integrity, and availability of the router and any connected network traffic.

Affected Systems

The affected product is the Neterbit NW-431F Router, specifically firmware version vNW-431F-20241014-IR03. No other versions or variants were listed in the CNA data.

Risk and Exploitability

The CVSS score of 8.2 indicates a high severity, but the EPSS score is not available, making it unclear how frequently the weakness is exploited in the wild. The vulnerability is not currently in the CISA KEV catalog. Based on the description, the likely attack vector is remote over an Internet-facing interface through HTTP requests directed at the at_command.asp endpoint. An attacker would need to craft a payload that bypasses the router’s authentication or rely on default credentials to exploit the flaw.

Generated by OpenCVE AI on June 4, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the router firmware to a version that removes the vulnerability in at_command.asp
  • Disable the at_command.asp interface or restrict it to local management traffic
  • Implement strong, unique credentials and enforce HTTPS for all router management interfaces

Generated by OpenCVE AI on June 4, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 05 Jun 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Neterbit
Neterbit nw-431f Router
Vendors & Products Neterbit
Neterbit nw-431f Router

Thu, 04 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via at_command.asp in Neterbit NW‑431F Router

Thu, 04 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-200
CWE-78
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Thu, 04 Jun 2026 18:45:00 +0000

Type Values Removed Values Added
Title Remote Code Execution via at_command.asp in Neterbit NW‑431F Router
Weaknesses CWE-77

Thu, 04 Jun 2026 17:45:00 +0000

Type Values Removed Values Added
Description An issue in Neterbit NW-431F Router vNW-431F-20241014-IR03 allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted command to the at_command.asp interface
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AC:L/AV:N/A:L/C:H/I:N/PR:N/S:U/UI:N'}

Subscriptions

Neterbit Nw-431f Router
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-04T18:13:19.912Z

Reserved: 2026-01-09T00:00:00.000Z

Link: CVE-2025-69755

cve-icon Vulnrichment

Updated: 2026-06-04T18:13:15.715Z

cve-icon NVD

Status : Deferred

Published: 2026-06-04T18:16:28.003

Modified: 2026-06-04T19:16:27.020

Link: CVE-2025-69755

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-05T10:11:02Z

Weaknesses