CVE-2025-5147 Information

May 26, 2025 cve

Description

A vulnerability was found in Netcore NBR1005GPEV2 NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Reference

https://anonymous.4open.science/r/netcore_command_injection3-54DFaW2G https://vuldb.com/?ctiid.310235 https://vuldb.com/?id.310235 https://vuldb.com/?submit.573682 A vulnerability was found in Netcore NBR1005GPEV2 NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

LOW

Base Severity

6.3

Share on: