CVE-2025-45492

CWE-77 — Command Injection CWE-190 — Integer Overflow5 documents5 sources

Severity

9.8CRITICAL

EPSS

5.4%

top 9.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netgear Ex8000 Firmware

Timeline

PublishedMay 6

Description

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶NVDnetgear/ex8000_firmware1.0.0.126

🔴Vulnerability Details

CVEList

CVE-2025-45492: Netgear EX8000 V1↗2025-05-06

▶

GHSA

GHSA-2pjg-x482-xwr4: Netgear EX8000 V1↗2025-05-06

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Install/Upgrade (LibExpat) — CVE-2024-45492↗2025-01-15

▶

Microsoft

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).↗2024-08-13

▶