CVE-2025-55976 – The Intelbras IWR 3000N router firmware version... (How to Fix)

📋 TL;DR

The Intelbras IWR 3000N router firmware version 1.9.8 exposes Wi-Fi passwords in plaintext through an unauthenticated API endpoint. Any attacker on the local network can retrieve the Wi-Fi password without authentication, potentially gaining unauthorized network access. This affects all users of the IWR 3000N router running the vulnerable firmware.

💻 Affected Systems

Products:

Intelbras IWR 3000N

Versions: 1.9.8

Operating Systems: Embedded router firmware

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running the vulnerable firmware version are affected by default.

📦 What is this software?

Iwr 3000n Firmware by Intelbras

View all CVEs affecting Iwr 3000n Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full access to the Wi-Fi network, enabling man-in-the-middle attacks, credential theft, lateral movement to connected devices, and potential data exfiltration.

🟠

Likely Case

Local network attackers obtain Wi-Fi credentials and join the network, potentially monitoring traffic or accessing network resources.

🟢

If Mitigated

With proper network segmentation and monitoring, impact is limited to the Wi-Fi network segment only.

🌐 Internet-Facing: LOW with brief explanation

🏢 Internal Only: HIGH with brief explanation

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires only a simple HTTP GET request to the vulnerable endpoint from the local network.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://www.intelbras.com/pt-br/produto/roteador-wireless-n-300mbps-iwr-3000n

Restart Required: Yes

Instructions:

1. Check Intelbras website for firmware updates
2. Download latest firmware
3. Access router admin interface
4. Navigate to firmware update section
5. Upload and apply new firmware
6. Reboot router

🔧 Temporary Workarounds

Disable API endpoint

all

If possible, disable the vulnerable /api/wireless endpoint through router configuration

Network segmentation

all

Isolate the router management interface to a separate VLAN

🧯 If You Can't Patch

Replace the router with a different model that receives security updates
Implement strict network access controls and monitor for unauthorized devices

🔍 How to Verify

Check if Vulnerable:

From local network: curl http://[router-ip]/api/wireless - if response contains plaintext Wi-Fi password, device is vulnerable

Check Version:

Check router web interface or use nmap to identify firmware version

Verify Fix Applied:

After update, repeat the check - endpoint should require authentication or not expose passwords

📡 Detection & Monitoring

Log Indicators:

Multiple unauthorized access attempts to /api/wireless endpoint
Unusual devices joining Wi-Fi network

Network Indicators:

HTTP GET requests to /api/wireless from unauthorized IPs
New MAC addresses on Wi-Fi network

SIEM Query:

source_ip=local_network AND http_path="/api/wireless" AND http_method=GET

📊 Metadata

CVE ID: CVE-2025-55976

CVSS v3 Score: 8.4 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-200

EPSS Score: 0.08% exploit probability (22.5th percentile)

Published: September 10, 2025

Last Updated: October 17, 2025

🔗 References

https://medium.com/@windsormoreira/intelbras-iwr-3000n-unauthenticated-wi-fi-password-disclosure-cve-2025-55976-7cdac7770413 Exploit,Third Party Advisory
https://www.intelbras.com/pt-br/produto/roteador-wireless-n-300mbps-iwr-3000n Broken Link

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-55976, you might also want to check these: