Input Validation Flaw in NETGEAR Nighthawk Routers' Speedtest Feature
CVE-2025-12946

4.4MEDIUM

Key Information:

Vendor: Netgear
Status: Rs700; Rax54sv2; Rax41v2; Rax50
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-12946?

A vulnerability exists in the speedtest feature of certain NETGEAR Nighthawk routers due to improper input validation. This flaw allows attackers on the router's WAN side to exploit attacker-in-the-middle techniques, enabling them to manipulate DNS responses and execute arbitrary commands during speed tests. Users of affected Nighthawk router models should ensure their devices are updated to the latest firmware version to mitigate this vulnerability.

Affected Version(s)

MR90 0

MS90 0

RAX35v2 0

References

https://www.netgear.com/support/product/rs700

productpatch

https://www.netgear.com/support/product/rax54sv2

productpatch

https://www.netgear.com/support/product/rax41v2

productpatch

CVSS V4

Score:

4.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Attack Required:

Physical

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Nov 10, 2025

Credit

molybdenum

JSON

Netgear

What is CVE-2025-12946?

Affected Version(s)

References

CVSS V4

Timeline

Credit