CVE-2025-12943
5.2
Vector
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:AmberShow more
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:D/RE:L/U:AmberShow less
Source: a2826606-91e7-4eb6-899e-8484bd4575d5 (Secondary)
Description
Improper certificate
validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream
AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band
WiFi 6E Router) allows attackers with the ability to intercept and
tamper traffic destined to the device to execute arbitrary commands on the
device.
Devices
with automatic updates enabled may already have this patch applied. If not,
please check the firmware version and update to the
latest.
Fixed in:
RAX30 firmware
1.0.14.108 or later.
RAXE300 firmware
1.0.9.82 or later
Affected (2)
Products: Netgear: Rax30 Firmware, Raxe300 Firmware
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.14.108 |
| Running on/with | Platform Versions |
|---|---|
Netgear Rax30 | All versions |
Configuration B
| Vulnerable Software | Affected Versions |
|---|---|
| Before 1.0.9.82 |
| Running on/with | Platform Versions |
|---|---|
Netgear Raxe300 | All versions |
References (3)
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
Vendor Advisory
Timeline
No history available yet.