OS Command Injection Vulnerability in NCP-HG100 by Sony
CVE-2025-64444

8.6HIGH

Key Information:

Vendor: Sony Network Communications Inc.
Status: Ncp-hg100/cellular Model; Ncp-hg100/wlan Model
Vendor: CVE Published:; 14 November 2025

🔔 Create Sony Network Communications Inc. Vulnerability Alert

What is CVE-2025-64444?

An OS Command Injection vulnerability exists in the NCP-HG100 device. If an attacker gains access to the management interface, they can execute arbitrary commands with root privileges, potentially compromising the system's integrity and security.

Affected Version(s)

NCP-HG100/Cellular model 1.4.48.16 and earlier

NCP-HG100/WLAN model 1.4.48.16 and earlier

References

https://support.sonynetwork.co.jp/faqsupport/manoma/web/k...

https://jvn.jp/en/jp/JVN49899607/

CVSS V4

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

None

CVSS V3.0

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 14, 2025
Vulnerability Reserved
Nov 10, 2025

JSON