cvedb.io
CVE-2025-67447
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2026-06-04T18:16:27.703 · Last modified 2026-06-17T09:57:40.630

Summary

The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands, which will be executed with the privileges of the web server.

Does this affect you?

Add your gear to cvedb and we'll alert you only when a vendor you run ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.