PT-2025-23606 · NetGear · Netgear Wnr614

Shuanunio · Published 2024-12-10 · Updated 2025-08-11 · CVE-2025-5495

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Netgear WNR614 version 1.1.0.28 1.0.1WW

Description

A critical issue affects the URL Handler component and results in improper authentication. It is triggered by manipulating the input %00currentsetting.htm. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This issue has been circulating as a 0day since 2024.

Recommendations

For Netgear WNR614 version 1.1.0.28 1.0.1WW, consider restricting access to the URL Handler component until a patch is available. Avoid using the input %00currentsetting.htm in the affected URL Handler to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
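Since no fixed version is known, one way to watch for the input named above is to scan HTTP request logs for it. The following is an added example, not part of the original advisory or any vendor tooling: it assumes Common Log Format entries from a proxy or sensor in front of the router's management interface, and the function names, paths, addresses and log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# Marker from the advisory: a NUL byte directly followed by "currentsetting.htm".
MARKER = b"\x00currentsetting.htm"
# Request line inside a Common Log Format entry (assumed log format).
REQUEST_RE = re.compile(rb'"(?:[A-Z]+) (\S+) HTTP/[0-9.]+"')
MAX_DECODE_ROUNDS = 3  # unwraps nested encodings such as %2500, with a hard bound

# Constructed sample lines; "/example-page" is a placeholder path.
SAMPLE_LOG = [
    b'192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /example-page HTTP/1.1" 401 0',
    b'198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /example-page%00currentsetting.htm HTTP/1.1" 200 512',
    b'198.51.100.7 - - [01/Jan/2025:10:00:09 +0000] "GET /example-page%2500CurrentSetting.htm HTTP/1.1" 200 512',
    b'192.0.2.10 - - [01/Jan/2025:10:00:12 +0000] "GET /currentsetting.htm HTTP/1.1" 200 128',
]


def decode_target(target: bytes) -> bytes:
    """Percent-decode repeatedly until the value stops changing (bounded)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_to_bytes(target)
        if decoded == target:
            break
        target = decoded
    return target


def is_suspicious(target: bytes) -> bool:
    """True when the decoded request target contains NUL + currentsetting.htm."""
    return MARKER in decode_target(target).lower()


def scan(lines):
    """Return (line_number, client, raw_target) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match and is_suspicious(match.group(1)):
            client = line.split(b" ", 1)[0].decode("ascii", "replace")
            hits.append((number, client, match.group(1).decode("ascii", "replace")))
    return hits


if __name__ == "__main__":
    for number, client, target in scan(SAMPLE_LOG):
        print(f"line {number}: {client} requested {target!r}")
```

A plain request for currentsetting.htm without the NUL byte is not flagged; only the encoded-NUL form the advisory describes is, including mixed-case and double-encoded variants.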

Exploit

RCE

Improper Authentication

Weakness Enumeration

Related Identifiers

BDU:2025-06423
CVE-2025-5495

Affected Products

Netgear Wnr614