PatchSiren cyber security CVE debrief
CVE-2025-67447 Neterbit CVE debrief
The network diagnosis (ping) module in Neterbit NW-431F Router 20241014-IR03 and before is vulnerable to OS command injection. The application does not properly sanitize user input in the IP address field before passing it to the system's ping command. An attacker can inject arbitrary OS commands, which will be executed with the privileges of the web server.
- Vendor: Neterbit
- Product: NW-431F Router 20241014-IR03
- CVSS: CRITICAL 9.8
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-04
- Original CVE updated: 2026-06-04
- Advisory published: 2026-06-04
- Advisory updated: 2026-06-04
Who should care
Administrators and users of Neterbit NW-431F Router 20241014-IR03 and before should be aware of this vulnerability and apply the recommended defensive actions below to mitigate the risk.
Technical summary
The vulnerability is caused by improper sanitization of user input in the IP address field of the ping module. This allows an attacker to inject arbitrary OS commands, which will be executed with the privileges of the web server.
Defensive priority
High
Recommended defensive actions
- Update to the latest firmware version if available.
- Disable the ping module if not necessary.
- Implement proper input validation and sanitization for the IP address field.
- Monitor the system for suspicious activity.
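One way to implement the input-validation item above, shown as an added example (this is not Neterbit's code, which does not appear on this page): accept the field only if it parses as a literal IP address, then run ping through an argument vector instead of a shell command string. The function names, `PING_PATH` and the `-c` count option are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define PING_PATH "/bin/ping" /* assumed location; adjust for the target system */

/* Return AF_INET or AF_INET6 if s is a literal IP address, 0 otherwise.
 * inet_pton() accepts nothing but a complete address, so separators,
 * whitespace, substitutions and option-like strings are all rejected. */
int ip_literal_family(const char *s)
{
    unsigned char buf[sizeof(struct in6_addr)];

    if (s == NULL || s[0] == '\0' || strlen(s) >= INET6_ADDRSTRLEN)
        return 0;
    if (inet_pton(AF_INET, s, buf) == 1)
        return AF_INET;
    if (inet_pton(AF_INET6, s, buf) == 1)
        return AF_INET6;
    return 0;
}

/* Ping a validated address once. Returns ping's exit status, or -1 if the
 * input is rejected, fork/wait fails, or ping did not exit normally. */
int safe_ping(const char *target)
{
    int status;

    if (ip_literal_family(target) == 0)
        return -1;              /* rejected before any process is created */
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* No shell: the address is passed as one argv element and is
         * never interpreted as part of a command line. */
        char *const argv[] = { "ping", "-c", "1", (char *)target, NULL };
        execv(PING_PATH, argv);
        _exit(127);             /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(int argc, char **argv)
{
    return (argc == 2 && safe_ping(argv[1]) == 0) ? 0 : 1;
}
```

Rejected inputs (a `-1` return before any process is started) are also worth logging, since they support the monitoring item in the same list.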
Evidence notes
The CVE record was obtained from the official CVE database. The vulnerability details were extracted from the CVE description and the NVD detail page.
Official resources
CVE-2025-67447 was published on 2026-06-04T18:16:27.703Z and modified on 2026-06-04T19:16:26.597Z.