CVE-2025-5147

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Netcore NBR1005GPEV2 versions up to 20250508 Netcore NBR200V2 versions up to 20250508 Netcore B6V2 versions up to 20250508

Description A critical issue affects the tools ping function of the file /usr/bin/network tools. The manipulation of the url argument leads to command injection. The attack may be initiated remotely.

Recommendations For Netcore NBR1005GPEV2 versions up to 20250508, consider disabling the tools ping function until a patch is available. For Netcore NBR200V2 versions up to 20250508, consider disabling the tools ping function until a patch is available. For Netcore B6V2 versions up to 20250508, consider disabling the tools ping function until a patch is available. Avoid using the url argument in the affected tools ping function until the issue is resolved.

Exploit

Fix

Special Elements Injection

Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-77

Related Identifiers

CVE-2025-5147

Affected Products

Netcore B6V2

Netcore Nbr1005Gpev2

Netcore Nbr200V2

CVE-2025-5147

Weakness Enumeration

Related Identifiers

Affected Products

References · 11