CVE-2025-12945
BaseFortify
Publication date: 2025-12-09
Last updated on: 2025-12-09
Assigner: Netgear, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| netgear | nighthawk_r7000p | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in NETGEAR Nighthawk R7000P routers allows an authenticated administrator to execute operating system command injections due to improper input validation in the router's software.
How can this vulnerability impact me? :
An attacker with administrative access to the router could exploit this vulnerability to execute arbitrary OS commands, potentially compromising the router's security and affecting the network it manages.
What immediate steps should I take to mitigate this vulnerability?
Since the vulnerability requires authenticated admin access to exploit OS command injection due to improper input validation on NETGEAR Nighthawk R7000P routers through firmware version 1.3.3.154, immediate mitigation steps include restricting admin access to trusted users only, ensuring strong authentication credentials, and monitoring for any suspicious admin activity. Additionally, check for firmware updates from NETGEAR and apply them once available to fix the issue.