CVE-2025-12942

CWE-20Improper Input Validation3 documents3 sources
Severity
4.8MEDIUM
EPSS
0.0%
top 90.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Netgear R6260 FirmwareNetgear R6850 FirmwareNetgear R6260+1 more
Timeline
PublishedNov 11

Description

Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Packages4 packages

NVDnetgear/r6260_firmware< 1.1.0.86
NVDnetgear/r6850_firmware< 1.1.0.86
CVEListV5netgear/r62601.1.0.86
CVEListV5netgear/r68501.1.0.86

🔴Vulnerability Details

2
CVEList
Improper input validation in NETGEAR R6260 and R68502025-11-11
GHSA
GHSA-83g8-4c46-g95x: Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform M2025-11-11
CVE-2025-12942 (MEDIUM CVSS 4.8) | Improper Input Validation vulnerabi | cvebase.io