Improper Input Validation in NETGEAR Routers Affects Security
CVE-2025-12942

4.8MEDIUM

Key Information:

Vendor: Netgear
Status: R6260; R6850
Vendor: CVE Published:; 11 November 2025

What is CVE-2025-12942?

An improper input validation vulnerability in NETGEAR's R6260 and R6850 routers allows unauthenticated users connected to the Local Area Network (LAN) to perform Man-in-the-Middle (MiTM) attacks. This vulnerability can lead to unauthorized command execution, potentially allowing attackers to manipulate DNS server configurations, compromising network integrity and user security.

Affected Version(s)

R6260 0 <= 1.1.0.86

R6850 0 <= 1.1.0.86

References

https://www.netgear.com/support/product/r6850

productpatch

https://www.netgear.com/support/product/r6260

patchproduct

https://kb.netgear.com/000070355/NETGEAR-Security-Advisor...

vendor-advisory

CVSS V4

Score:

4.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

None

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 11, 2025
Vulnerability Reserved
Nov 10, 2025

Credit

dcmtruman

JSON

Netgear

What is CVE-2025-12942?

Affected Version(s)

References

CVSS V4

Timeline

Credit