7.5
CVE-2025-12946
- EPSS 0.27%
- Veröffentlicht 09.12.2025 17:15:48
- Zuletzt bearbeitet 21.01.2026 19:29:14
- Quelle a2826606-91e7-4eb6-899e-8484bd
- CVE-Watchlists
- Unerledigt
Improper input validation in NETGEAR Nighthawk routers
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Netgear ≫ Rs700 Firmware Version < 1.0.9.6
Netgear ≫ Rax54sv2 Firmware Version < 1.1.6.36
Netgear ≫ Rax45v2 Firmware Version < 1.1.6.36
Netgear ≫ Rax41v2 Firmware Version < 1.1.6.36
Netgear ≫ Rax50 Firmware Version < 1.2.14.114
Netgear ≫ Raxe500 Firmware Version < 1.2.14.114
Netgear ≫ Rax41 Firmware Version < 1.0.17.142
Netgear ≫ Rax43 Firmware Version < 1.0.17.142
Netgear ≫ Rax35v2 Firmware Version < 1.0.17.142
Netgear ≫ Raxe450 Firmware Version < 1.0.17.142
Netgear ≫ Rax43v2 Firmware Version < 1.1.6.36
Netgear ≫ Rax42 Firmware Version < 1.0.17.142
Netgear ≫ Rax45 Firmware Version < 1.0.17.142
Netgear ≫ Rax50v2 Firmware Version < 1.1.6.36
Netgear ≫ Mr90 Firmware Version < 1.0.2.46
Netgear ≫ Ms90 Firmware Version < 1.0.2.46
Netgear ≫ Rax42v2 Firmware Version < 1.1.6.36
Netgear ≫ Rax49s Firmware Version < 1.1.6.36
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.187 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.4 | 0 | 0 |
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:Amber
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
https://www.netgear.com/support/product/RAX50
https://www.netgear.com/support/product/mr90
https://www.netgear.com/support/product/ms90
https://www.netgear.com/support/product/rax35v2
https://www.netgear.com/support/product/rax41
https://www.netgear.com/support/product/rax41v2
https://www.netgear.com/support/product/rax42
https://www.netgear.com/support/product/rax42v2
https://www.netgear.com/support/product/rax43
https://www.netgear.com/support/product/rax43v2
https://www.netgear.com/support/product/rax45
https://www.netgear.com/support/product/rax49s
https://www.netgear.com/support/product/rax50v2
https://www.netgear.com/support/product/rax54sv2
https://www.netgear.com/support/product/raxe450
https://www.netgear.com/support/product/raxe500
https://www.netgear.com/support/product/rs700
https://kb.netgear.com/000070416/December-2025-NETGEAR-Security-Advisory