CVE-2025-12946

moderate-risk
Published 2025-12-09

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle (MiTM) techniques, to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2: before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

Do I need to act?

- 0.10% chance of exploitation (EPSS score: low exploit probability)
- Not on CISA KEV list: no confirmed active exploitation reported to CISA
- Patch status unknown: check vendor advisories for fix availability and mitigation guidance
- CVSS 7.5/10 High (ADJACENT_NETWORK / HIGH complexity)

Affected Products (18)

Rs700 Firmware
Rax54Sv2 Firmware
Rax45V2 Firmware
Rax41V2 Firmware
Raxe500 Firmware
Rax41 Firmware
Rax35V2 Firmware
Raxe450 Firmware
Rax43V2 Firmware
Rax42 Firmware
Rax50V2 Firmware
Mr90 Firmware
Ms90 Firmware
Rax42V2 Firmware
Rax49S Firmware

Affected Vendors

39 / 100
moderate-risk
Severity 20/34 · Moderate
Exploitability 0/34 · Minimal
Exposure 19/34 · Moderate