CRITICAL🇵🇱 Wersja polska

CVE-2025-28219

CVSS 9.8v3.1pub. 2025-03-28upd. 2025-05-02

Netgear DC112A V1.0.0.64 has an OS command injection vulnerability in the usb_adv.cgi, which allows remote attackers to execute arbitrary commands via parameter "deviceName" passed to the binary through a POST request.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation and sanitization of the 'deviceName' parameter passed to the usb_adv.cgi script via an HTTP POST request. An attacker can inject arbitrary operating system commands into this parameter value, which are then executed by the device with its privileges. The attack requires no authentication or user interaction, and the attack vector scope is network-based.

Impact

An attacker can gain full control over the device by remotely executing arbitrary system commands, which may lead to a breach of confidentiality, integrity, and availability of the device and data processed by it.

Mitigation & patch

Apply patches available from the manufacturer according to the references. If an update is not available, it is recommended to restrict access to the device management interface only to trusted hosts through network segmentation or firewall, and to disable unused USB functions.

Who is affected

Netgear DC112A with firmware version V1.0.0.64

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Dc112a

    HW
    Netgear
    wszystkie wersje
  • Netgear Dc112a Firmware

    OS
    Netgear
    1.0.0.64
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2021-45638CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This aff...

CVE-2021-45610CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D6220 b...

CVE-2021-45611CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects DC112A ...

CVE-2021-45527CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D6220 before ...

CVE-2021-38516CRITICAL10.0ten sam produkt

Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6220 befor...