CVE-2025-12946

CWE-20Improper Input Validation3 documents3 sources
Severity
4.4MEDIUM
EPSS
0.1%
top 71.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
35
Netgear Mr90Netgear Ms90Netgear Rax35v2+32 more
Timeline
PublishedDec 9

Description

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX3

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/S:N

Affected Packages35 packages

CVEListV5netgear/rax41v2< V1.1.6.36
CVEListV5netgear/rax42v2< V1.1.6.36
CVEListV5netgear/rax43v2< V1.1.6.36
CVEListV5netgear/rax50v2< V1.1.6.36
NVDnetgear/rax41v2_firmware< 1.1.6.36

Patches

Patch: kb.netgear.comPatch: www.netgear.comPatch: www.netgear.com

🔴Vulnerability Details

2
CVEList
Improper input validation in NETGEAR Nighthawk routers2025-12-09
GHSA
GHSA-w8v2-5vq4-783q: A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router2025-12-09
CVE-2025-12946 (MEDIUM CVSS 4.4) | A vulnerability in the speedtest fe | cvebase.io