CVE-2025-45492

Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the Iface parameter in the action_wireless function.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:netgear:ex8000_firmware:1.0.0.126:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*

History

13 May 2025, 20:19

Type Values Removed Values Added
References () https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/cve-netgear_EX8000_CI_action_wireless.pdf - () https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/cve-netgear_EX8000_CI_action_wireless.pdf - Exploit
References () https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/netgear_EX8000_CI_action_wireless.mp4 - () https://github.com/JZP018/vuln03/blob/main/netgear/EX8000/netgear_EX8000_CI_action_wireless.mp4 - Exploit
First Time Netgear
Netgear ex8000
Netgear ex8000 Firmware
CPE cpe:2.3:o:netgear:ex8000_firmware:1.0.0.126:*:*:*:*:*:*:*
cpe:2.3:h:netgear:ex8000:-:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 6.5
v2 : unknown
v3 : 9.8

07 May 2025, 14:13

Type Values Removed Values Added
Summary
  • (es) Netgear EX8000 V1.0.0.126 es vulnerable a la inyección de comandos a través del parámetro Iface en la función action_wireless.

06 May 2025, 21:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.5
CWE CWE-77

06 May 2025, 16:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-06 16:15

Updated : 2025-05-13 20:19


NVD link : CVE-2025-45492

Mitre link : CVE-2025-45492

CVE.ORG link : CVE-2025-45492


JSON object : View

Products Affected

netgear

  • ex8000
  • ex8000_firmware
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')