CVE-2025-5145

Name of the Vulnerable Software and Affected Versions Netcore NBR1005GPEV2 versions up to 20250508 Netcore B6V2 versions up to 20250508 Netcore COVER5 versions up to 20250508 Netcore NAP830 versions up to 20250508 Netcore NAP930 versions up to 20250508 Netcore NBR100V2 versions up to 20250508 Netcore NBR200V2 versions up to 20250508 Netcore POWER13 versions up to 20250508

Description A critical vulnerability was found in the Query String Handler component of the affected Netcore devices. The issue affects an unknown part of the file /www/cgi-bin/ and leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations For all affected versions up to 20250508, consider disabling the Query String Handler component until a patch is available. Restrict access to the /www/cgi-bin/ file to minimize the risk of exploitation. Avoid using the affected Netcore devices until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.