CVE-2025-66963 – This vulnerability in Hitron HI3120 routers all... (How to Fix)

Q: What is the severity of CVE-2025-66963?

CVE-2025-66963 has a CVSS score of 5.5 (MEDIUM). This vulnerability in Hitron HI3120 routers allows a local attacker to access sensitive information through the logout function on the index.html page. It affects users with physical or network access to the device. The issue stems from insufficient session expiration (CWE-200).

📋 TL;DR

This vulnerability in Hitron HI3120 routers allows a local attacker to access sensitive information through the logout function on the index.html page. It affects users with physical or network access to the device. The issue stems from insufficient session expiration (CWE-200).

💻 Affected Systems

Products:

Hitron HI3120

Versions: v.7.2.4.5.2b1

Operating Systems: Embedded router OS

Default Config Vulnerable: ⚠️ Yes

Notes: Affects the web management interface of the router. Requires access to the device's local network or physical access.

📦 What is this software?

Hi3120 Firmware by Hitrontech

View all CVEs affecting Hi3120 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker could obtain authentication credentials, session tokens, or other sensitive data that could lead to full device compromise.

🟠

Likely Case

Local users or attackers on the same network could access session information or user data that should be cleared upon logout.

🟢

If Mitigated

With proper network segmentation and access controls, impact is limited to authorized users only.

🌐 Internet-Facing: LOW - This requires local access to the device's web interface.

🏢 Internal Only: MEDIUM - Attackers on the local network could potentially exploit this vulnerability.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires local access to the web interface. The GitHub reference suggests technical details are publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: http://hitron.com

Restart Required: No

Instructions:

Check Hitron's official website for firmware updates. If available, download and apply the latest firmware through the router's web interface.

🔧 Temporary Workarounds

Restrict Network Access

all

Limit access to the router's web interface to trusted IP addresses only.

Configure firewall rules to restrict access to router management IP (typically 192.168.0.1 or 192.168.1.1)

Change Default Credentials

all

Ensure strong, unique credentials are set for router administration.

Log into router web interface and change admin password in settings

🧯 If You Can't Patch

Segment the network to isolate the router from untrusted devices
Monitor for unusual access attempts to the router's management interface

🔍 How to Verify

Check if Vulnerable:

Access the router web interface, navigate to index.html, and test if session data persists after logout.

Check Version:

Log into router web interface and check firmware version in System Status or similar section

Verify Fix Applied:

After applying any firmware update, retest the logout functionality to ensure session data is properly cleared.

📡 Detection & Monitoring

Log Indicators:

Multiple logout attempts
Unusual access patterns to index.html

Network Indicators:

HTTP requests to router management interface from unexpected sources

SIEM Query:

source="router_logs" AND (url="*index.html*" AND action="logout")

📊 Metadata

CVE ID: CVE-2025-66963

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE: CWE-200

EPSS Score: 0.02% exploit probability (3.1th percentile)

Published: December 15, 2025

Last Updated: December 23, 2025

🔗 References

http://hitron.com Not Applicable
https://github.com/kakarotossj3/CVEs/blob/main/Hitron/Insufficient%20Session%20Expiration/Details Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-66963, you might also want to check these: