CVE-2025-12946

EPSS 0.07%
Veröffentlicht 09.12.2025 17:15:48
Zuletzt bearbeitet 21.01.2026 19:29:14
Quelle a2826606-91e7-4eb6-899e-8484bd
CVE-Watchlists
Login
Unerledigt
Login

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. 



This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 21

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Netgear ≫ Rs700 Firmware Version < 1.0.9.6

Netgear ≫ Rs700 Version-

Netgear ≫ Rax54sv2 Firmware Version < 1.1.6.36

Netgear ≫ Rax54sv2 Version-

Netgear ≫ Rax45v2 Firmware Version < 1.1.6.36

Netgear ≫ Rax45v2 Version-

Netgear ≫ Rax41v2 Firmware Version < 1.1.6.36

Netgear ≫ Rax41v2 Version-

Netgear ≫ Rax50 Firmware Version < 1.2.14.114

Netgear ≫ Rax50 Version-

Netgear ≫ Raxe500 Firmware Version < 1.2.14.114

Netgear ≫ Raxe500 Version-

Netgear ≫ Rax41 Firmware Version < 1.0.17.142

Netgear ≫ Rax41 Version-

Netgear ≫ Rax43 Firmware Version < 1.0.17.142

Netgear ≫ Rax43 Version-

Netgear ≫ Rax35v2 Firmware Version < 1.0.17.142

Netgear ≫ Rax35v2 Version-

Netgear ≫ Raxe450 Firmware Version < 1.0.17.142

Netgear ≫ Raxe450 Version-

Netgear ≫ Rax43v2 Firmware Version < 1.1.6.36

Netgear ≫ Rax43v2 Version-

Netgear ≫ Rax42 Firmware Version < 1.0.17.142

Netgear ≫ Rax42 Version-

Netgear ≫ Rax45 Firmware Version < 1.0.17.142

Netgear ≫ Rax45 Version-

Netgear ≫ Rax50v2 Firmware Version < 1.1.6.36

Netgear ≫ Rax50v2 Version-

Netgear ≫ Mr90 Firmware Version < 1.0.2.46

Netgear ≫ Mr90 Version-

Netgear ≫ Ms90 Firmware Version < 1.0.2.46

Netgear ≫ Ms90 Version-

Netgear ≫ Rax42v2 Firmware Version < 1.1.6.36

Netgear ≫ Rax42v2 Version-

Netgear ≫ Rax49s Firmware Version < 1.1.6.36

Netgear ≫ Rax49s Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.21

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
a2826606-91e7-4eb6-899e-8484bd4575d5	4.4	0	0	CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:Amber

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.netgear.com/support/product/RAX50

Patch

Product

https://www.netgear.com/support/product/mr90

Patch

Product

https://www.netgear.com/support/product/ms90

Patch

Product

https://www.netgear.com/support/product/rax35v2

Patch

Product