CVE-2025-28219 Information

Description

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi which allows remote attackers to execute arbitrary commands via parameter \deviceName\ passed to the binary through a POST request.

Reference

https://github.com/IdaJea/IOT_vuln_1/blob/master/DC112A_V1.0.0.64/sub_69600.pdf