CVE 9.3 CRITICAL

Authenticated RCE in SDMC NE6037 router_CVE-2025-8890

November 27, 2025 invoker category_cve

9.3 / 10

CRITICAL

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Description

Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks.
In order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports.

AI Analysis

Authenticated Remote Code Execution vulnerability in SDMC NE6037 router's network diagnostics tool via shell command injection attacks

Basic Information

ID CVE-2025-8890

Source CERT-PL

Published Nov 27, 2025 at 13:42

Affected Product

Vendor SDMC

Product NE6037

Affected Versions SDMC NE6037 0

CWE Classification

CWE-78

AI Assessment

AI Score 9.3 / 10

AI Severity Critical

Vendor SDMC

Product NE6037

Version prior to 7.1.12.2.44

References

cert.pl /en/posts/2025/11/CVE-2025-8890

{
    "lastseen": "",
    "description": "Firmware in SDMC NE6037 routers prior to version 7.1.12.2.44 has a network diagnostics tool vulnerable to a shell command injection attacks.\nIn order to exploit this vulnerability, an attacker has to log in to the router's administrative portal, which by default is reachable only via LAN ports.",
    "published": "2025-11-27T13:42:53.664Z",
    "modified": "2025-11-27T13:42:53.664Z",
    "type": "cve",
    "title": "Authenticated RCE in SDMC NE6037 router",
    "source": "CERT-PL",
    "references": "https://cert.pl/en/posts/2025/11/CVE-2025-8890",
    "id": "CVE-2025-8890",
    "bulletinFamily": "",
    "cwe": [
        "CWE-78"
    ],
    "cvelist": null,
    "sourceData": "SDMC NE6037 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.3,
        "severity": "CRITICAL",
        "vector": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "NE6037",
    "version": "0",
    "vendor": "SDMC",
    "ai_description": "Authenticated Remote Code Execution vulnerability in SDMC NE6037 router's network diagnostics tool via shell command injection attacks",
    "ai_severity": "Critical",
    "ai_vendor": "SDMC",
    "ai_product": "NE6037",
    "ai_version": "prior to 7.1.12.2.44",
    "ai_score": 9.3
}

💭 Join the Security Discussion ❌ Cancel Reply