CRITICAL🇵🇱 Wersja polska

CVE-2025-45492

CVSS 9.8v3.1pub. 2025-05-06upd. 2025-05-13

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.

🤖 AI Analysis
How it works

An attacker sends a crafted network request containing a malicious payload in the Iface parameter handled by the action_wireless function. Input data is not properly validated or sanitized before being passed to the system interpreter, which allows injection and execution of arbitrary commands at the operating system level of the device. The attack does not require authentication or user interaction, and the vulnerability is remotely accessible over the network.

Impact

An attacker can gain full control over the device — read confidential configuration data, modify network settings, and potentially use the device as an entry point for further lateral movement in the network.

Mitigation & patch

Apply patches available from the manufacturer according to references. Until firmware is updated, it is recommended to restrict access to the device management interface only to trusted hosts and isolate the device in the network.

Who is affected

Netgear EX8000 with firmware version V1.0.0.126

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Netgear Ex8000

    HW
    Netgear
    wszystkie wersje
  • Netgear Ex8000 Firmware

    OS
    Netgear
    1.0.0.126
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-50526CRITICAL9.8PL ✓ten sam produkt

Command injection w Netgear EX8000 via funkcja switch_status

CVE-2021-45618CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 b...

CVE-2021-45619CRITICAL9.6ten sam produkt

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects EX6200v...

CVE-2020-35800CRITICAL9.4ten sam produkt

Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 befo...

CVE-2018-21153CRITICAL9.8ten sam produkt

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects D7800 b...