CVE-2025-12946

HIGH
Published Dec 9, 2025 Modified Jan 21, 2026 CWE-20

Description

A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36.

Is your site exposed to CVE-2025-12946?

Run a free security scan — no signup, results in seconds.

CVSS v3.1 Score

7.5
HIGH
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Weakness Type (CWE)

CWE-20 Improper Input Validation

Affected Products

Vendor Product
netgear rs700_firmware
netgear rs700
netgear rax54sv2_firmware
netgear rax54sv2
netgear rax45v2_firmware
netgear rax45v2
netgear rax41v2_firmware
netgear rax41v2
netgear rax50_firmware
netgear rax50
netgear raxe500_firmware
netgear raxe500
netgear rax41_firmware
netgear rax41
netgear rax43_firmware
netgear rax43
netgear rax35v2_firmware
netgear rax35v2
netgear raxe450_firmware
netgear raxe450
netgear rax43v2_firmware
netgear rax43v2
netgear rax42_firmware
netgear rax42
netgear rax45_firmware
netgear rax45
netgear rax50v2_firmware
netgear rax50v2
netgear mr90_firmware
netgear mr90
netgear ms90_firmware
netgear ms90
netgear rax42v2_firmware
netgear rax42v2
netgear rax49s_firmware
netgear rax49s

References

Frequently Asked Questions

What is CVE-2025-12946? +
A vulnerability in the speedtest feature of affected NETGEAR Nighthawk routers, caused by improper input validation, can allow attackers on the router's WAN side, using attacker-in-the-middle techniques (MiTM) to manipulate DNS responses and execute commands when speedtests are run. This issue affects RS700: through 1.0.7.82; RAX54Sv2 : before V1.1.6.36; RAX41v2: before V1.1.6.36; RAX50: before V1.2.14.114; RAXE500: before V1.2.14.114; RAX41: before V1.0.17.142; RAX43: before V1.0.17.142; RAX35v2: before V1.0.17.142; RAXE450: before V1.2.14.114; RAX43v2: before V1.1.6.36; RAX42: before V1.0.17.142; RAX45: before V1.0.17.142; RAX50v2: before V1.1.6.36; MR90: before V1.0.2.46; MS90: before V1.0.2.46; RAX42v2: before V1.1.6.36; RAX49S: before V1.1.6.36. It has a CVSS v3.1 base score of 7.5 (HIGH).
How severe is CVE-2025-12946? +
CVE-2025-12946 has a CVSS v3.1 score of 7.5 out of 10, rated HIGH. This is a high-severity vulnerability that should be prioritized for patching.
What products are affected by CVE-2025-12946? +
CVE-2025-12946 affects products from netgear, specifically: mr90, mr90_firmware, ms90, ms90_firmware, rax35v2, rax35v2_firmware, rax41, rax41_firmware, rax41v2, rax41v2_firmware, rax42, rax42_firmware, rax42v2, rax42v2_firmware, rax43, rax43_firmware, rax43v2, rax43v2_firmware, rax45, rax45_firmware, rax45v2, rax45v2_firmware, rax49s, rax49s_firmware, rax50, rax50_firmware, rax50v2, rax50v2_firmware, rax54sv2, rax54sv2_firmware, raxe450, raxe450_firmware, raxe500, raxe500_firmware, rs700, rs700_firmware. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-12946? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-12946 — free, no signup required.