PT-2025-50105 · NetGear · Netgear Rax50V2+16
Molybdenum
·
Published
2025-12-09
·
Updated
2025-12-14
·
CVE-2025-12946
CVSS v3.1
7.5
High
| Vector | AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
NETGEAR Nighthawk routers versions 1.0.7.82 and earlier
NETGEAR RAX54Sv2 versions before V1.1.6.36
NETGEAR RAX41v2 versions before V1.1.6.36
NETGEAR RAX50 versions before V1.2.14.114
NETGEAR RAXE500 versions before V1.2.14.114
NETGEAR RAX41 versions before V1.0.17.142
NETGEAR RAX43 versions before V1.0.17.142
NETGEAR RAX35v2 versions before V1.0.17.142
NETGEAR RAXE450 versions before V1.2.14.114
NETGEAR RAX43v2 versions before V1.1.6.36
NETGEAR RAX42 versions before V1.0.17.142
NETGEAR RAX45 versions before V1.0.17.142
NETGEAR RAX50v2 versions before V1.1.6.36
NETGEAR MR90 versions before V1.0.2.46
NETGEAR MS90 versions before V1.0.2.46
NETGEAR RAX42v2 versions before V1.1.6.36
NETGEAR RAX49S versions before V1.1.6.36
Description
An issue exists in the speedtest feature of NETGEAR Nighthawk routers due to insufficient input validation. This allows attackers positioned on the router’s Wide Area Network (WAN) side, employing Man-in-the-Middle (MiTM) techniques, to manipulate Domain Name System (DNS) responses and execute commands when speedtests are initiated.
Recommendations
Update NETGEAR Nighthawk routers to a version later than 1.0.7.82.
Update NETGEAR RAX54Sv2 to version V1.1.6.36 or later.
Update NETGEAR RAX41v2 to version V1.1.6.36 or later.
Update NETGEAR RAX50 to version V1.2.14.114 or later.
Update NETGEAR RAXE500 to version V1.2.14.114 or later.
Update NETGEAR RAX41 to version V1.0.17.142 or later.
Update NETGEAR RAX43 to version V1.0.17.142 or later.
Update NETGEAR RAX35v2 to version V1.0.17.142 or later.
Update NETGEAR RAXE450 to version V1.2.14.114 or later.
Update NETGEAR RAX43v2 to version V1.1.6.36 or later.
Update NETGEAR RAX42 to version V1.0.17.142 or later.
Update NETGEAR RAX45 to version V1.0.17.142 or later.
Update NETGEAR RAX50v2 to version V1.1.6.36 or later.
Update NETGEAR MR90 to version V1.0.2.46 or later.
Update NETGEAR MS90 to version V1.0.2.46 or later.
Update NETGEAR RAX42v2 to version V1.1.6.36 or later.
Update NETGEAR RAX49S to version V1.1.6.36 or later.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Netgear Mr90
Netgear Ms90
Netgear Nighthawk Routers
Netgear Rax35V2
Netgear Rax41
Netgear Rax41V2
Netgear Rax42
Netgear Rax42V2
Netgear Rax43
Netgear Rax43V2
Netgear Rax45
Netgear Rax49S
Netgear Rax50
Netgear Rax50V2
Netgear Rax54Sv2
Netgear Raxe450
Netgear Raxe500