OS Command Injection Vulnerability in Netgear DC112A Router
CVE-2025-28219

9.8CRITICAL

Key Information:

Vendor
Netgear
Status
Vendor
CVE Published:
28 March 2025

Summary

The Netgear DC112A router version V1.0.0.64 is susceptible to an OS command injection vulnerability found in the 'usb_adv.cgi' component. This weakness enables remote attackers to execute arbitrary operating system commands by sending crafted POST requests that manipulate the 'deviceName' parameter. Exploiting this vulnerability could potentially grant unauthorized access to sensitive system functionalities and pose significant risks to device integrity and network security.

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.