SecuriTricks - CVE-2025-12945

Description

A vulnerability in NETGEAR Nighthawk R7000P routers lets an authenticated admin execute OS command injections due to improper input validation. This issue affects R7000P: through 1.3.3.154.

Product(s) Impacted

Vendor	Product	Versions
Netgear	Nighthawk R7000p	<=1.3.3.154

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	netgear	nighthawk_r7000p	<=1.3.3.154	/	/	/	/	/	/	/

References

https://kb.netgear.com/000070416/December-2025-NETGEAR-Security-Advisory

https://www.netgear.com/support/product/r7000p

CVSS Score

1.1 / 10

CVSS Data - 4.0

Attack Vector: ADJACENT
Attack Complexity: LOW
Attack Requirements: NONE
Privileges Required: HIGH
User Interaction: NONE
Scope:
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Exploit Maturity: UNREPORTED

CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:M/U:Amber

View Vector String

Timeline

Published: Dec. 9, 2025, 5:15 p.m.
Last Modified: Dec. 9, 2025, 8:15 p.m.

Status : Awaiting Analysis

CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.

More info

Source

a2826606-91e7-4eb6-899e-8484bd4575d5

CVE-2025-12945