Improper input validation in NETGEAR Nighthawk routers_CVE-2025-12946

4.4 / 10

MEDIUM

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:A/V:D/RE:M/U:Amber

Description

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run.

This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

Basic Information

ID CVE-2025-12946

Source NETGEAR

Published Dec 9, 2025 at 17:02

Modified Dec 9, 2025 at 17:10

Affected Product

Vendor NETGEAR

Product RS700

Affected Versions NETGEAR RS700 0
NETGEAR RAX54Sv2 0
NETGEAR RAX41v2 0
NETGEAR RAX50 0
NETGEAR RAXE500 0
NETGEAR RAX41 0
NETGEAR RAX43 0
NETGEAR RAX35v2 0
NETGEAR RAXE450 0
NETGEAR RAX43v2 0
NETGEAR RAX42 0
NETGEAR RAX45 0
NETGEAR RAX50v2 0
NETGEAR MR90 0
NETGEAR RAX42v2 0
NETGEAR RAX49S 0
NETGEAR MS90 0

CWE Classification

CWE-20

References

{
    "lastseen": "",
    "description": "A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. \n\n\n\nThis issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46;\u202fRAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.",
    "published": "2025-12-09T17:02:20.739Z",
    "modified": "2025-12-09T17:10:59.587Z",
    "type": "cve",
    "title": "Improper input validation in NETGEAR Nighthawk routers",
    "source": "NETGEAR",
    "references": "https://www.netgear.com/support/product/rs700\nhttps://www.netgear.com/support/product/rax54sv2\nhttps://www.netgear.com/support/product/rax41v2\nhttps://www.netgear.com/support/product/RAX50\nhttps://www.netgear.com/support/product/raxe500\nhttps://www.netgear.com/support/product/rax41\nhttps://www.netgear.com/support/product/rax43\nhttps://www.netgear.com/support/product/rax35v2\nhttps://www.netgear.com/support/product/raxe450\nhttps://www.netgear.com/support/product/rax43v2\nhttps://www.netgear.com/support/product/rax42\nhttps://www.netgear.com/support/product/rax45\nhttps://www.netgear.com/support/product/rax50v2\nhttps://www.netgear.com/support/product/mr90\nhttps://www.netgear.com/support/product/ms90\nhttps://www.netgear.com/support/product/rax42v2\nhttps://www.netgear.com/support/product/rax49s",
    "id": "CVE-2025-12946",
    "bulletinFamily": "",
    "cwe": [
        "CWE-20"
    ],
    "cvelist": null,
    "sourceData": "NETGEAR RS700 0\nNETGEAR RAX54Sv2 0\nNETGEAR RAX41v2 0\nNETGEAR RAX50 0\nNETGEAR RAXE500 0\nNETGEAR RAX41 0\nNETGEAR RAX43 0\nNETGEAR RAX35v2 0\nNETGEAR RAXE450 0\nNETGEAR RAX43v2 0\nNETGEAR RAX42 0\nNETGEAR RAX45 0\nNETGEAR RAX50v2 0\nNETGEAR MR90 0\nNETGEAR RAX42v2 0\nNETGEAR RAX49S 0\nNETGEAR MS90 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.4,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/S:N/AU:N/R:A/V:D/RE:M/U:Amber",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "RS700",
    "version": "0",
    "vendor": "NETGEAR",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}