CVE-2025-4996 MEDIUM

CVE-2025-4996: Intelbras RF 301K Add Static IP cross site scripting

Vendor Intelbras
Product RF 301K
Weakness CWE-79 · XSS
Published May 20, 2025
Last update May 20, 2025

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in Intelbras RF 301K 1.1.5. This issue affects some unknown processing of the component Add Static IP. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure.

Key dates

02Disclosure timeline

May 20, 2025 CVE published
May 20, 2025 Record updated