Command Injection Vulnerability in Netgear EX8000 Router
CVE-2025-50526

9.8CRITICAL

Key Information:

Vendor

Netgear
Status
EX8000
Vendor
CVE Published:
23 December 2025

What is CVE-2025-50526?

A command injection vulnerability was identified in the Netgear EX8000, specifically within the switch_status function. This flaw allows an attacker to execute arbitrary commands on the router's operating system, potentially compromising the device's integrity and leading to unauthorized access. Mitigation strategies are essential to protect network devices from such vulnerabilities.

References

https://github.com/JZP018/vuln03/blob/main/netgear/EX8000...
https://github.com/JZP018/vuln03/blob/main/netgear/EX8000...

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-50526 : Command Injection Vulnerability in Netgear EX8000 Router