CVSS Base Score: 4.4

CVE-2025-12946

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side to use attacker-in-the-middle (MiTM) techniques to manipulate DNS responses and execute commands when speedtests are run.



This issue affects RS700: through 1.0.7.82; RAX54Sv2: before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.
Data is provided by the CVE Program from a CVE Numbering Authority (CNA) (unstructured).
| Vendor | Product | Default Status | Version bound | From version | Status |
|---|---|---|---|---|---|
| NETGEAR | RS700 | unaffected | <= 1.0.7.82 | 0 | affected |
| NETGEAR | RAX54Sv2 | unaffected | < V1.1.6.36 | 0 | affected |
| NETGEAR | RAX41v2 | unaffected | < V1.1.6.36 | 0 | affected |
| NETGEAR | RAX50 | unaffected | < V1.2.14.114 | 0 | affected |
| NETGEAR | RAXE500 | unaffected | < V1.2.14.114 | 0 | affected |
| NETGEAR | RAX41 | unaffected | < V1.0.17.142 | 0 | affected |
| NETGEAR | RAX43 | unaffected | < V1.0.17.142 | 0 | affected |
| NETGEAR | RAX35v2 | unaffected | < V1.0.17.142 | 0 | affected |
| NETGEAR | RAXE450 | unaffected | < V1.2.14.114 | 0 | affected |
| NETGEAR | RAX43v2 | unaffected | < V1.1.6.36 | 0 | affected |
| NETGEAR | RAX42 | unaffected | < V1.0.17.142 | 0 | affected |
| NETGEAR | RAX45 | unaffected | < V1.0.17.142 | 0 | affected |
| NETGEAR | RAX50v2 | unaffected | < V1.1.6.36 | 0 | affected |
| NETGEAR | MR90 | unaffected | < V1.0.2.46 | 0 | affected |
| NETGEAR | RAX42v2 | unaffected | < V1.1.6.36 | 0 | affected |
| NETGEAR | RAX49S | unaffected | < V1.1.6.36 | 0 | affected |
| NETGEAR | MS90 | unaffected | < V1.0.2.46 | 0 | affected |
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.203 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score |
|---|---|---|---|
| a2826606-91e7-4eb6-899e-8484bd4575d5 | 4.4 | 0 | 0 |

Vector String: CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:Amber

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.