CVE 8.6 HIGH

CVE-2025-64444_CVE-2025-64444

November 14, 2025 invoker category_cve

8.6 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Description

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS command with root privileges.

AI Analysis

OS Command Injection vulnerability allowing remote attackers to execute arbitrary OS commands with root privileges

Basic Information

ID CVE-2025-64444

Source jpcert

Published Nov 14, 2025 at 05:15

Affected Product

Vendor Sony Network Communications Inc.

Product NCP-HG100/Cellular model

Version 1.4.48.16 and earlier

Affected Versions Sony Network Communications Inc. NCP-HG100/Cellular model 1.4.48.16 and earlier
Sony Network Communications Inc. NCP-HG100/WLAN model 1.4.48.16 and earlier

CWE Classification

CWE-78

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Sony Network Communications Inc.

Product NCP-HG100

Version 1.4.48.16 and earlier

References

{
    "lastseen": "",
    "description": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in to the management page of the product may execute an arbitrary OS command with root privileges.",
    "published": "2025-11-14T05:15:56.229Z",
    "modified": "2025-11-14T05:15:56.229Z",
    "type": "cve",
    "title": "CVE-2025-64444",
    "source": "jpcert",
    "references": "https://support.sonynetwork.co.jp/faqsupport/manoma/web/knowledge11157.html\nhttps://jvn.jp/en/jp/JVN49899607/",
    "id": "CVE-2025-64444",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "Sony Network Communications Inc. NCP-HG100/Cellular model 1.4.48.16 and earlier\nSony Network Communications Inc. NCP-HG100/WLAN model 1.4.48.16 and earlier",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NCP-HG100/Cellular model",
    "version": "1.4.48.16 and earlier",
    "vendor": "Sony Network Communications Inc.",
    "ai_description": "OS Command Injection vulnerability allowing remote attackers to execute arbitrary OS commands with root privileges",
    "ai_severity": "High",
    "ai_vendor": "Sony Network Communications Inc.",
    "ai_product": "NCP-HG100",
    "ai_version": "1.4.48.16 and earlier",
    "ai_score": 8.6
}

💭 Join the Security Discussion ❌ Cancel Reply