Main Vulnerability Database Vulnerabilities #VU119796

#VU119796 Input validation error in NETGEAR products - CVE-2025-12946

Published: December 10, 2025

Vulnerability identifier: #VU119796

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2025-12946

CWE-ID: CWE-20

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
RS700
RAX54Sv2
RAX41v2
RAX50
RAXE500
RAX41
RAX43
RAX35v2
RAXE450
RAX43v2
RAX42
RAX45
RAX50v2
MR90
MS90
RAX42v2
RAX49S
RAX45v2

Software vendor:
NETGEAR

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to insufficient validation of user-supplied input in the speedtest feature. A remote attacker on the local network can pass specially crafted input to the application and execute arbitrary commands when speedtests are run.

Remediation

Install updates from vendor's website.

External links

https://kb.netgear.com/000070416/December-2025-NETGEAR-Security-Advisory

#VU119796 Input validation error in NETGEAR products - CVE-2025-12946

Description

Remediation

External links

Please verify you're human