CNNVD-202512-1256 Information

Dec 09, 2025 cve

CNNVD ID

CNNVD-202512-1256

CVE-2025-12946

CNNVD Published: 2025-12-09

Description (Chinese)

NETGEAR Nighthawk是美国网件（NETGEAR）公司的一系列无线路由器。 NETGEAR多款产品存在安全漏洞，该漏洞源于speedtest功能输入验证不当，可能导致攻击者使用中间人技术操纵DNS响应并在运行speedtest时执行命令。以下产品和版本受到影响：NETGEAR Nighthawk RS700 1.0.7.82及之前版本、RAX54Sv2 V1.1.6.36之前版本、RAX41v2 V1.1.6.36之前版本、RAX50 V1.2.14.114之前版本、RAXE500 V1.2.14.114之前版本、RAX41 V1.0.17.142之前版本、RAX43 V1.0.17.142之前版本、RAX35v2 V1.0.17.142之前版本、RAXE450 V1.2.14.114之前版本、RAX43v2 V1.1.6.36之前版本、RAX42 V1.0.17.142之前版本、RAX45 V1.0.17.142之前版本、RAX50v2 V1.1.6.36之前版本、MR90 V1.0.2.46之前版本、MS90 V1.0.2.46之前版本、RAX42v2 V1.1.6.36之前版本、RAX49S V1.1.6.36之前版本。

Description (English)

NETGEAR Nighthawk is a series of wireless routers of the United States Netware (NETGEAR). NETGEAR has a safety loophole in a number of products, which stems from the inappropriate validation of the Speedtest functionality, which may lead the attackers to manipulate the DNS response using intermediary technology and to execute the order when running the Speedtest. The following products and versions were affected: NETGEAR Nighthawk RS 700 1.0.7.82 and earlier versions, RAX54Sv2 V1.1.6.36, RAX41v2 V1.1.6.36, RAX50 V1.2.14.1414, RAX500 V1.2.14.14.144, RAX41 V1.0.17.17.142, RAX43 V1.0.17.17.142, RAX35v2 V1.0.17.142, RAX450 V1.2.14.144, RAX4v2 V1.1.6.36, RAX42 V1.0.17.142, RAX45 V1.0.1.7.142, RAX50v2 V1.1.6.36, MR90 V1.0.2.066, MS 90.V1.0.2.46, RAX42v2 V1.1.6.36, RAX1.1.9S V1.1.6.36.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

网件

Published

2025-12-09

Last Modified

2026-02-24

References

Patch

https://kb.netgear.com/000070416/December-2025-NETGEAR-Security-Advisory

Share on: