← Back

CVE-2025-12946

nvd nist
Published: Dec 9, 2025Modified: Jan 21, 2026

JSON object

Loading...
4.4
Vector
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:Amber
Show more
CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:AmberShow less
Source: a2826606-91e7-4eb6-899e-8484bd4575d5 (Secondary)

Description

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

Affected (18)

Netgear
18 products
Rs700 Firmware
Rax54sv2 Firmware
Rax45v2 Firmware
Rax41v2 Firmware
Rax50 Firmware
Raxe500 Firmware
Rax41 Firmware
Rax43 Firmware
Rax35v2 Firmware
Raxe450 Firmware
Rax43v2 Firmware
Rax42 Firmware
Rax45 Firmware
Rax50v2 Firmware
Mr90 Firmware
Ms90 Firmware
Rax42v2 Firmware
Rax49s Firmware
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rs700 Firmware
Before 1.0.9.6
Running on/withPlatform Versions
Netgear
Rs700
All versions
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax54sv2 Firmware
Before 1.1.6.36
Running on/withPlatform Versions
Netgear
Rax54sv2
All versions
Configuration C
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax45v2 Firmware
Before 1.1.6.36
Running on/withPlatform Versions
Netgear
Rax45v2
All versions
Configuration D
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax41v2 Firmware
Before 1.1.6.36
Running on/withPlatform Versions
Netgear
Rax41v2
All versions
Configuration E
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax50 Firmware
Before 1.2.14.114
Running on/withPlatform Versions
Netgear
Rax50
All versions
Configuration F
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Raxe500 Firmware
Before 1.2.14.114
Running on/withPlatform Versions
Netgear
Raxe500
All versions
Configuration G
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax41 Firmware
Before 1.0.17.142
Running on/withPlatform Versions
Netgear
Rax41
All versions
Configuration H
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax43 Firmware
Before 1.0.17.142
Running on/withPlatform Versions
Netgear
Rax43
All versions
Configuration I
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax35v2 Firmware
Before 1.0.17.142
Running on/withPlatform Versions
Netgear
Rax35v2
All versions
Configuration J
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Raxe450 Firmware
Before 1.0.17.142
Running on/withPlatform Versions
Netgear
Raxe450
All versions
Configuration K
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax43v2 Firmware
Before 1.1.6.36
Running on/withPlatform Versions
Netgear
Rax43v2
All versions
Configuration L
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax42 Firmware
Before 1.0.17.142
Running on/withPlatform Versions
Netgear
Rax42
All versions
Configuration M
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax45 Firmware
Before 1.0.17.142
Running on/withPlatform Versions
Netgear
Rax45
All versions
Configuration N
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax50v2 Firmware
Before 1.1.6.36
Running on/withPlatform Versions
Netgear
Rax50v2
All versions
Configuration O
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Mr90 Firmware
Before 1.0.2.46
Running on/withPlatform Versions
Netgear
Mr90
All versions
Configuration P
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Ms90 Firmware
Before 1.0.2.46
Running on/withPlatform Versions
Netgear
Ms90
All versions
Configuration Q
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax42v2 Firmware
Before 1.1.6.36
Running on/withPlatform Versions
Netgear
Rax42v2
All versions
Configuration R
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Rax49s Firmware
Before 1.1.6.36
Running on/withPlatform Versions
Netgear
Rax49s
All versions

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (18)

Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchVendor Advisory
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct
Source: a2826606-91e7-4eb6-899e-8484bd4575d5
PatchProduct

Timeline

No history available yet.