Command Injection Vulnerability in Netgear EX8000 Wireless Range Extender
CVE-2025-45492

9.8CRITICAL

Key Information:

Vendor

Netgear
Status
EX8000 Wireless Range Extender
Vendor
CVE Published:
6 May 2025

What is CVE-2025-45492?

The Netgear EX8000 Wireless Range Extender is susceptible to a command injection flaw through the Iface parameter located in the action_wireless function. This vulnerability could allow unauthorized users to execute arbitrary commands on the network device, potentially compromising the integrity and confidentiality of the network. It is crucial for users to assess their network security and implement necessary mitigations to safeguard against this exploit. For further details, refer to the documented analysis.

References

https://github.com/JZP018/vuln03/blob/main/netgear/EX8000...
https://github.com/JZP018/vuln03/blob/main/netgear/EX8000...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.