ГлавнаяУязвимости → CVE-2025-12946
7.5высокая

CVE-2025-12946

Описание

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

Затрагиваемое ПО
Netgear Rs700 firmwareNetgear Rs700Netgear Rax54sv2 firmwareNetgear Rax54sv2Netgear Rax45v2 firmwareNetgear Rax45v2Netgear Rax41v2 firmwareNetgear Rax41v2Netgear Rax50 firmwareNetgear Rax50Netgear Raxe500 firmwareNetgear Raxe500Netgear Rax41 firmwareNetgear Rax41Netgear Rax43 firmwareNetgear Rax43Netgear Rax35v2 firmwareNetgear Rax35v2Netgear Raxe450 firmwareNetgear Raxe450Netgear Rax43v2 firmwareNetgear Rax43v2Netgear Rax42 firmwareNetgear Rax42Netgear Rax45 firmware
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://kb.netgear.com/000070416/December-2025-NETGEAR-Security-Advisoryhttps://www.netgear.com/support/product/RAX50https://www.netgear.com/support/product/mr90https://www.netgear.com/support/product/ms90https://www.netgear.com/support/product/rax35v2https://www.netgear.com/support/product/rax41https://www.netgear.com/support/product/rax41v2https://www.netgear.com/support/product/rax42