Netcore NBR200V2 HTTP Header routerd passwd_set command injection

CVE Details

Basic Information

Title Netcore NBR200V2 HTTP Header routerd passwd_set command injection
Type cve
Published 2025-05-25T07:00:09.594Z
Last Seen

Product Information

Vendor Netcore
Product NBR1005GPEV2
Version 20250508

CVSS Information

Base Score 5.3 (MEDIUM)
Attack Vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Confidentiality Impact
Integrity Impact
Availability Impact

AI Analysis

AI Description A critical vulnerability in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, and NBR200V2 up to 20250508 allows remote attackers to execute arbitrary commands via the HTTP Header Handler. The vulnerability is due to improper handling of the `pwd` parameter in the `passwd_set` function of `/usr/bin/routerd`, leading to command injection.
AI Severity High
Vendor Netcore
Product NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2
Affected Version up to 20250508

Additional Information

CVE List
CWE List CWE-77, CWE-74
Bulletin Family
Source Data Netcore NBR1005GPEV2 20250508
Netcore B6V2 20250508
Netcore COVER5 20250508
Netcore NAP830 20250508
Netcore NAP930 20250508
Netcore NBR100V2 20250508
Netcore NBR200V2 20250508

Description

A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the argument pwd leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Score Summary

Base Score: 5.3 (MEDIUM)
