← back
CVE-2025-67447

CVE-2025-67447

CVSS 9.8 CRITICALEPSS 1.0%CWE-78
Vexday Risk Score
28Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 9.8EPSS 1.0%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
04 Jun 2026Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands, which will be executed with the privileges of the web server.
CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N
Affected products
n/a · n/a