CVE-2025-12945 — Improper Input Validation in Netgear R7000p

CWE-20 — Improper Input Validation3 documents3 sources

Severity

1.1LOWNVD

EPSS

0.7%

top 27.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear R7000p Netgear R7000p Firmware

Timeline

PublishedDec 9

Description

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154.

CVSS vector

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5netgear/r7000p1.3.3.154

▶NVDnetgear/r7000p_firmware1.3.3.154

Patches

Patch: www.netgear.com ↗

🔴Vulnerability Details

CVEList

Improper input validation in NETGEAR Nighthawk router R7000P↗2025-12-09

▶

GHSA

GHSA-4mpp-3xgq-2qwv: A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation↗2025-12-09

▶